Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1431796
MD5:cc800aee4d8f6b42601be444e284354e
SHA1:ef00c39a62b2b5cc4ccd2fea63c0dfa8aadb85c2
SHA256:d0295c334677da7ca28746b3feff2e82320314322d99af837090c4e87b362479
Tags:exe
Infos:

Detection

PureLog Stealer, RisePro Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected PureLog Stealer
Yara detected RisePro Stealer
Yara detected zgRAT
Allocates memory in foreign processes
Contains functionality to inject threads in other processes
Found API chain indicative of sandbox detection
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Found many strings related to Crypto-Wallets (likely being stolen)
Found stalling execution ending in API Sleep call
Injects a PE file into a foreign processes
Machine Learning detection for sample
Sigma detected: Silenttrinity Stager Msbuild Activity
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • file.exe (PID: 7084 cmdline: "C:\Users\user\Desktop\file.exe" MD5: CC800AEE4D8F6B42601BE444E284354E)
    • MSBuild.exe (PID: 1208 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
      • WerFault.exe (PID: 2276 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 1688 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: zgRAT
Description: zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an infostealer use which targets browser information and cryptowallets. Usually spreads by USB or phishing emails with .zip/.lnk/.bat/.xlsx attachments and so on.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat
No configs have been found
Source | Rule | Description | Author | Strings
file.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
file.exe | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security
file.exe | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
file.exe | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen
        • 0x90887:$s1: file:///
        • 0x90797:$s2: {11111-22222-10009-11112}
        • 0x90817:$s3: {11111-22222-50001-00000}
        • 0x8f147:$s4: get_Module
        • 0x834ef:$s5: Reverse
        • 0x3b9bde:$s5: Reverse
        • 0x3bc992:$s5: Reverse
        • 0x3bcc08:$s5: Reverse
        • 0x3bceea:$s5: Reverse
        • 0x3bcf69:$s5: Reverse
        • 0x3bdb30:$s5: Reverse
        • 0x3bdbb1:$s5: Reverse
        • 0x82d0f:$s6: BlockCopy
        • 0x867d7:$s7: ReadByte
        • 0x90899:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\OSzk73DYdvwL_Z1T3wG2Xn4.zip | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security

Source | Rule | Description | Author | Strings
00000002.00000002.2254441569.0000000005376000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security
00000002.00000002.2254441569.0000000005350000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000000.2084139212.0000000000132000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
Process Memory Space: file.exe PID: 7084 | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security
Process Memory Space: MSBuild.exe PID: 1208 | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security

Source | Rule | Description | Author | Strings
0.0.file.exe.55c8e6.1.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
0.0.file.exe.130000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
0.0.file.exe.130000.0.unpack | JoeSecurity_zgRAT_1 | Yara detected zgRAT | Joe Security
0.0.file.exe.130000.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security
0.0.file.exe.130000.0.unpack | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen
                            • 0x90887:$s1: file:///
                            • 0x90797:$s2: {11111-22222-10009-11112}
                            • 0x90817:$s3: {11111-22222-50001-00000}
                            • 0x8f147:$s4: get_Module
                            • 0x834ef:$s5: Reverse
                            • 0x3b9bde:$s5: Reverse
                            • 0x3bc992:$s5: Reverse
                            • 0x3bcc08:$s5: Reverse
                            • 0x3bceea:$s5: Reverse
                            • 0x3bcf69:$s5: Reverse
                            • 0x3bdb30:$s5: Reverse
                            • 0x3bdbb1:$s5: Reverse
                            • 0x82d0f:$s6: BlockCopy
                            • 0x867d7:$s7: ReadByte
                            • 0x90899:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...

                            System Summary

                            Source: Network Connection | Author: Kiran kumar s, oscd.community | Data: DestinationIp: 34.117.186.192, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Initiated: true, ProcessId: 1208, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49702
                            Timestamp:04/25/24-19:32:04.905698
                            SID:2046269
                            Source Port:49701
                            Destination Port:50500
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:04/25/24-19:31:58.542658
                            SID:2046266
                            Source Port:50500
                            Destination Port:49701
                            Protocol:TCP
                            Classtype:A Network Trojan was detected
                            Timestamp:04/25/24-19:31:58.314749
                            SID:2049060
                            Source Port:49701
                            Destination Port:50500
                            Protocol:TCP
                            Classtype:A Network Trojan was detected

                            AV Detection

                            Source: file.exeReversingLabs: Detection: 13%
                            Source: file.exeJoe Sandbox ML: detected
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D3CDD20 CryptReleaseContext,0_2_6D3CDD20
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D3CDE00 CryptGenRandom,__CxxThrowException@8,0_2_6D3CDE00
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D3CDEE0 CryptReleaseContext,0_2_6D3CDEE0
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D3CD9D0 CryptAcquireContextA,GetLastError,0_2_6D3CD9D0
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D3CDBB0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,__CxxThrowException@8,0_2_6D3CDBB0
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D3F35E0 CryptReleaseContext,0_2_6D3F35E0
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D3CD7F0 CryptReleaseContext,0_2_6D3CD7F0
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D3CD7D4 CryptReleaseContext,0_2_6D3CD7D4
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_004C3EB0 CryptUnprotectData,CryptUnprotectData,LocalFree,LocalFree,2_2_004C3EB0
                            Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                            Source: unknownHTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49714 version: TLS 1.0
                            Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49702 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 172.67.75.166:443 -> 192.168.2.6:49703 version: TLS 1.2
                            Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: file.exe, 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2092553408.0000000004516000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100325366.0000000005170000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2092553408.00000000046A1000.00000004.00000800.00020000.00000000.sdmp, Protect544cd51a.dll.0.dr
                            Source: Binary string: c:\Users\kkelsch\Documents\PushNotifications\PushSharp\PushSharp-master\PushSharp.Android\obj\Debug\PushSharp.Android.pdb source: file.exe
                            Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: file.exe, 00000000.00000002.2100325366.000000000522A000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2092553408.0000000004447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2092553408.00000000045D2000.00000004.00000800.00020000.00000000.sdmp
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_004DD2B0 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,2_2_004DD2B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_004C33B0 FindFirstFileA,FindNextFileA,GetLastError,FindClose,2_2_004C33B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00491A60 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,2_2_00491A60
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_004E3B20 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error,2_2_004E3B20
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00431F8C FindClose,FindFirstFileExW,GetLastError,2_2_00431F8C
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00432012 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,2_2_00432012
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_004913F0 FindFirstFileA,FindNextFileA,GetLastError,FindClose,2_2_004913F0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_0044FC1D FindFirstFileExW,2_2_0044FC1D
                            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_04DFC480
                            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_04DF0C4C
                            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp-20h], 00000000h0_2_04DFC479
                            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 04DFC06Ah0_2_04DFBEF8
                            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_04DF3E38
                            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 04DFC06Ah0_2_04DFBFB8
                            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 04DFC06Ah0_2_04DFBFB1
                            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_04DF3F48
                            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_04DF4058
                            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-14h], 40000003h0_2_04DF4168
                            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_04DF2A63

                            Networking

                            Source: TrafficSnort IDS: 2049060 ET TROJAN RisePro TCP Heartbeat Packet 192.168.2.6:49701 -> 45.15.156.9:50500
                            Source: TrafficSnort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 45.15.156.9:50500 -> 192.168.2.6:49701
                            Source: TrafficSnort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.6:49701 -> 45.15.156.9:50500
                            Source: Yara matchFile source: file.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.file.exe.55c8e6.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0.0.file.exe.130000.0.unpack, type: UNPACKEDPE
                            Source: global trafficTCP traffic: 192.168.2.6:49701 -> 45.15.156.9:50500
                            Source: Joe Sandbox ViewIP Address: 34.117.186.192 34.117.186.192
                            Source: Joe Sandbox ViewIP Address: 172.67.75.166 172.67.75.166
                            Source: Joe Sandbox ViewASN Name: RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU
                            Source: Joe Sandbox ViewJA3 fingerprint: 1138de370e523e824bbca92d049a3777
                            Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                            Source: unknownDNS query: name: ipinfo.io
                            Source: global trafficHTTP traffic detected: GET /widget/demo/185.152.66.230 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: ipinfo.io
                            Source: global trafficHTTP traffic detected: GET /demo/home.php?s=185.152.66.230 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: db-ip.com
                            Source: unknownHTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49714 version: TLS 1.0
                            Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
                            Source: unknownTCP traffic detected without corresponding DNS query: 45.15.156.9
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_004C52A0 recv,GetCurrentProcess,2_2_004C52A0
                            Source: global trafficDNS traffic detected: DNS query: ipinfo.io
                            Source: global trafficDNS traffic detected: DNS query: db-ip.com
                            Source: file.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                            Source: file.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                            Source: file.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                            Source: file.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                            Source: file.exeString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                            Source: file.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                            Source: file.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                            Source: file.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                            Source: file.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                            Source: file.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                            Source: file.exeString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                            Source: file.exeString found in binary or memory: http://ocsp.digicert.com0
                            Source: file.exeString found in binary or memory: http://ocsp.digicert.com0A
                            Source: file.exeString found in binary or memory: http://ocsp.digicert.com0C
                            Source: file.exeString found in binary or memory: http://ocsp.digicert.com0X
                            Source: file.exeString found in binary or memory: http://ocsp.sectigo.com0
                            Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
                            Source: file.exeString found in binary or memory: http://www.digicert.com/CPS0
                            Source: file.exeString found in binary or memory: http://www.nero.com
                            Source: file.exe, 00000000.00000002.2092553408.0000000003ED3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2092553408.0000000003A11000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2092553408.000000000475D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, MSBuild.exe, 00000002.00000002.2251295820.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
                            Source: RKYfFZrWSM45Web Data.2.dr, ajumioWrPFqJWeb Data.2.dr, thqzuRPPOYh_Web Data.2.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                            Source: file.exeString found in binary or memory: https://android.apis.google.com/c2dm/send
                            Source: file.exeString found in binary or memory: https://android.googleapis.com/gcm/send
                            Source: file.exeString found in binary or memory: https://android.googleapis.com/gcm/sendAchannelSettings
                            Source: RKYfFZrWSM45Web Data.2.dr, ajumioWrPFqJWeb Data.2.dr, thqzuRPPOYh_Web Data.2.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                            Source: RKYfFZrWSM45Web Data.2.dr, ajumioWrPFqJWeb Data.2.dr, thqzuRPPOYh_Web Data.2.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                            Source: RKYfFZrWSM45Web Data.2.dr, ajumioWrPFqJWeb Data.2.dr, thqzuRPPOYh_Web Data.2.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                            Source: MSBuild.exe, 00000002.00000002.2253258686.00000000011A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=185.152.66.230
                            Source: MSBuild.exe, 00000002.00000002.2253258686.00000000011A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/demo/home.php?s=185.152.66.230l
                            Source: MSBuild.exe, 00000002.00000002.2254441569.0000000005350000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com/w
                            Source: MSBuild.exe, 00000002.00000002.2253258686.00000000011A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://db-ip.com:443/demo/home.php?s=185.152.66.230A
                            Source: RKYfFZrWSM45Web Data.2.dr, ajumioWrPFqJWeb Data.2.dr, thqzuRPPOYh_Web Data.2.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                            Source: RKYfFZrWSM45Web Data.2.dr, ajumioWrPFqJWeb Data.2.dr, thqzuRPPOYh_Web Data.2.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                            Source: RKYfFZrWSM45Web Data.2.dr, ajumioWrPFqJWeb Data.2.dr, thqzuRPPOYh_Web Data.2.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                            Source: MSBuild.exe, 00000002.00000002.2252816431.000000000111E000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2252816431.0000000001100000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2253258686.0000000001199000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2254441569.0000000005350000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/
                            Source: MSBuild.exe, 00000002.00000002.2253258686.0000000001199000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/Mozilla/5.0
                            Source: file.exe, 00000000.00000002.2092553408.0000000003ED3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2092553408.0000000003A11000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2092553408.000000000475D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2251295820.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
                            Source: MSBuild.exe, 00000002.00000002.2253258686.0000000001199000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2253258686.0000000001172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/185.152.66.230
                            Source: MSBuild.exe, 00000002.00000002.2253258686.0000000001172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/185.152.66.230sx
                            Source: MSBuild.exe, 00000002.00000002.2253258686.0000000001199000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io:443/widget/demo/185.152.66.230
                            Source: file.exeString found in binary or memory: https://sectigo.com/CPS0
                            Source: 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://support.mozilla.org
                            Source: 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                            Source: 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.ZAnPVwXvBbYt
                            Source: MSBuild.exe, 00000002.00000002.2254441569.0000000005376000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000002.00000002.2252816431.00000000010E8000.00000004.00000020.00020000.00000000.sdmp, OSzk73DYdvwL_Z1T3wG2Xn4.zip.2.drString found in binary or memory: https://t.me/RiseProSUPPORT
                            Source: MSBuild.exe, 00000002.00000002.2254441569.0000000005376000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORTi
                            Source: MSBuild.exe, 00000002.00000002.2254441569.0000000005350000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.2.drString found in binary or memory: https://t.me/risepro_bot
                            Source: RKYfFZrWSM45Web Data.2.dr, ajumioWrPFqJWeb Data.2.dr, thqzuRPPOYh_Web Data.2.drString found in binary or memory: https://www.ecosia.org/newtab/
                            Source: file.exeString found in binary or memory: https://www.google.com/accounts/ClientLogin
                            Source: RKYfFZrWSM45Web Data.2.dr, ajumioWrPFqJWeb Data.2.dr, thqzuRPPOYh_Web Data.2.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                            Source: MSBuild.exeString found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
                            Source: D87fZN3R3jFeplaces.sqlite.2.dr, 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://www.mozilla.org
                            Source: 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://www.mozilla.org#
                            Source: 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
                            Source: 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
                            Source: 3b6N2Xdh3CYwplaces.sqlite.2.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                            Source: file.exeString found in binary or memory: https://www.security.us.panasonic.com
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
                            Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.6:49702 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 172.67.75.166:443 -> 192.168.2.6:49703 version: TLS 1.2
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_004E33A0 GdiplusStartup,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GdipCreateBitmapFromHBITMAP,GdipGetImageEncodersSize,GdipGetImageEncoders,GdipSaveImageToFile,DeleteObject,GdipDisposeImage,DeleteObject,ReleaseDC,GdiplusShutdown,2_2_004E33A0

                            System Summary

                            Source: file.exe, type: SAMPLEMatched rule: Detects zgRAT Author: ditekSHen
                            Source: 0.0.file.exe.130000.0.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 00434370 appears 52 times
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 0041ACE0 appears 87 times
                            Source: C:\Users\user\Desktop\file.exeCode function: String function: 6D3D9B35 appears 141 times
                            Source: C:\Users\user\Desktop\file.exeCode function: String function: 6D3DD520 appears 31 times
                            Source: C:\Users\user\Desktop\file.exeCode function: String function: 6D3D90D8 appears 51 times
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 1688
                            Source: file.exeStatic PE information: invalid certificate
                            Source: file.exe, 00000000.00000000.2084139212.0000000000132000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamePushSharp.Android.dllD vs file.exe
                            Source: file.exe, 00000000.00000000.2084139212.0000000000132000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameLandingPage.resources.dllJ vs file.exe
                            Source: file.exe, 00000000.00000002.2100068763.0000000004FD0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs file.exe
                            Source: file.exe, 00000000.00000002.2092553408.0000000004516000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs file.exe
                            Source: file.exe, 00000000.00000002.2091064177.0000000000CBE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs file.exe
                            Source: file.exe, 00000000.00000002.2092553408.0000000003ED3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCrossDeviceSettingsHost.exeX vs file.exe
                            Source: file.exe, 00000000.00000002.2101384436.0000000005601000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs file.exe
                            Source: file.exe, 00000000.00000002.2091064177.0000000000D38000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs file.exe
                            Source: file.exe, 00000000.00000002.2092553408.0000000003A11000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCrossDeviceSettingsHost.exeX vs file.exe
                            Source: file.exe, 00000000.00000002.2091984595.0000000002A11000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameProtect.dll8 vs file.exe
                            Source: file.exe, 00000000.00000000.2084659498.00000000005A0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameUpdater.exeB vs file.exe
                            Source: file.exe, 00000000.00000002.2091984595.0000000002ADE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCrossDeviceSettingsHost.exeX vs file.exe
                            Source: file.exe, 00000000.00000002.2092553408.00000000046A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs file.exe
                            Source: file.exe, 00000000.00000002.2100325366.00000000052F8000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameWindowsApp1.dll8 vs file.exe
                            Source: file.exeBinary or memory string: OriginalFilenamePushSharp.Android.dllD vs file.exe
                            Source: file.exeBinary or memory string: OriginalFilenameLandingPage.resources.dllJ vs file.exe
                            Source: file.exeBinary or memory string: OriginalFilenameUpdater.exeB vs file.exe
                            Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                            Source: file.exe, type: SAMPLEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                            Source: 0.0.file.exe.130000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/30@2/3
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_004DD2B0 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,2_2_004DD2B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00482100 CreateDirectoryA,CreateDirectoryA,CoInitialize,CoCreateInstance,CoUninitialize,PathFindExtensionA,CopyFileA,Concurrency::cancel_current_task,2_2_00482100
                            Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
                            Source: C:\Users\user\Desktop\file.exeMutant created: NULL
                            Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1208
                            Source: C:\Users\user\Desktop\file.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Protect544cd51a.dll
                            Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll
                            Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                            Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: file.exe, 00000000.00000002.2092553408.0000000003ED3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2092553408.0000000003A11000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2092553408.000000000475D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                            Source: file.exe, 00000000.00000002.2092553408.0000000003ED3000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2092553408.0000000003A11000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2092553408.000000000475D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                            Source: 5ImqJntoqRogLogin Data.2.dr, XwfXJKJ1NYY6Login Data For Account.2.dr, KISHi3j12f6KLogin Data.2.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                            Source: file.exeReversingLabs: Detection: 13%
                            Source: MSBuild.exeString found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
                            Source: file.exeString found in binary or memory: </InstallProperties>
                            Source: file.exeString found in binary or memory: <UpgradeCode Cpu="x86" Code="{B0A6978E-0C6D-4442-ADD0-8A658489D3B1}"/>
                            Source: file.exeString found in binary or memory: </Install>
                            Source: file.exeString found in binary or memory: <AdditionalArguments>/RULES=SCCCheckRules</AdditionalArguments>
                            Source: file.exeString found in binary or memory: <AdditionalArguments>/FEATURES=SQL_SHARED_MR /UIMODE=AutoAdvance</AdditionalArguments>
                            Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                            Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 1688
                            Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: ntmarta.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
                            Source: C:\Users\user\Desktop\file.exe Section loaded: sxs.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: rstrtmgr.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ncrypt.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ntasn1.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: d3d11.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dxgi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: resourcepolicyclient.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: kernel.appcore.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: d3d10warp.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: uxtheme.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dxcore.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: winhttp.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: wininet.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: mswsock.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: devobj.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: ondemandconnroutehelper.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: webio.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: iphlpapi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: winnsi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: sspicli.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: dnsapi.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: rasadhlp.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Section loaded: fwpuclnt.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: schannel.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mskeyprotect.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncryptsslp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vaultcli.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dpapi.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windowscodecs.dllJump to behavior
                            Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                            Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                            Source: file.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                            Source: file.exe Static file information: File size 4762624 > 1048576
                            Source: file.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x46c600
                            Source: file.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: file.exe, 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2092553408.0000000004516000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2100325366.0000000005170000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2092553408.00000000046A1000.00000004.00000800.00020000.00000000.sdmp, Protect544cd51a.dll.0.dr
                            Source: Binary string: c:\Users\kkelsch\Documents\PushNotifications\PushSharp\PushSharp-master\PushSharp.Android\obj\Debug\PushSharp.Android.pdb source: file.exe
                            Source: Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: file.exe, 00000000.00000002.2100325366.000000000522A000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2092553408.0000000004447000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2092553408.00000000045D2000.00000004.00000800.00020000.00000000.sdmp
                            Source: file.exe Static PE information: 0xD06734E6 [Thu Oct 17 21:04:38 2080 UTC]
                            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6D38B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6D38B6C0
                            Source: file.exe Static PE information: real checksum: 0x493e90 should be: 0x491125
                            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6D3DCC2B push ecx; ret 0_2_6D3DCC3E
                            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_6D3DD565 push ecx; ret 0_2_6D3DD578
                            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_02834B1E pushfd ; retf 0_2_02834B24
                            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_02834769 push eax; iretd 0_2_02834770
                            Source: C:\Users\user\Desktop\file.exe Code function: 0_2_04DF1E98 push 2404D6C4h; ret 0_2_04DF1E9D
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00433F49 push ecx; ret 2_2_00433F5C
                            Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll
                            Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            Source: Yara match File source: Process Memory Space: file.exe PID: 7084, type: MEMORYSTR
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Sandbox detection routine: GetCursorPos, DecisionNode, Sleep
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Evasive API call chain: GetPEB, DecisionNodes, Sleep
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Stalling execution: Execution stalls by calling Sleep
                            Source: C:\Users\user\Desktop\file.exe Memory allocated: 27F0000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\file.exe Memory allocated: 2A10000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\file.exe Memory allocated: 2850000 memory reserve | memory write watch
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: GetCursorPos,GetCursorPos,GetCursorPos,Sleep,GetCursorPos,Sleep,GetCursorPos,2_2_0045DA50
                            Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
                            Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                            Source: C:\Users\user\Desktop\file.exe TID: 3404 Thread sleep time: -30000s >= -30000s
                            Source: C:\Users\user\Desktop\file.exe TID: 6260 Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_004DD2B0 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,2_2_004DD2B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_004C33B0 FindFirstFileA,FindNextFileA,GetLastError,FindClose,2_2_004C33B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00491A60 SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,2_2_00491A60
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_004E3B20 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error,2_2_004E3B20
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00431F8C FindClose,FindFirstFileExW,GetLastError,2_2_00431F8C
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_00432012 GetLastError,GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,2_2_00432012
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_004913F0 FindFirstFileA,FindNextFileA,GetLastError,FindClose,2_2_004913F0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 2_2_0044FC1D FindFirstFileExW,2_2_0044FC1D
                            Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 30000
                            Source: MSBuild.exe, 00000002.00000002.2253258686.00000000011A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWYx
                            Source: Amcache.hve.5.drBinary or memory string: VMware
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: discord.comVMware20,11696487552f
                            Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
                            Source: MSBuild.exe, 00000002.00000002.2254441569.0000000005350000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}*\*
                            Source: MSBuild.exe, 00000002.00000002.2253258686.00000000011A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: ms.portal.azure.comVMware20,11696487552
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: global block list test formVMware20,11696487552
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: tasks.office.comVMware20,11696487552o
                            Source: MSBuild.exe, 00000002.00000002.2253258686.0000000001184000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                            Source: Amcache.hve.5.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                            Source: MSBuild.exe, 00000002.00000002.2254441569.0000000005350000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_C21DCF7C*
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: AMC password management pageVMware20,11696487552
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: interactivebrokers.comVMware20,11696487552
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: dev.azure.comVMware20,11696487552j
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                            Source: Amcache.hve.5.drBinary or memory string: vmci.sys
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: outlook.office365.comVMware20,11696487552t
                            Source: Amcache.hve.5.drBinary or memory string: VMware20,1
                            Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Generation Counter
                            Source: Amcache.hve.5.drBinary or memory string: NECVMWar VMware SATA CD00
                            Source: Amcache.hve.5.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                            Source: MSBuild.exe, 00000002.00000002.2254441569.0000000005350000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_C21DCF7C
                            Source: MSBuild.exe, 00000002.00000002.2252816431.00000000010E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000@
                            Source: Amcache.hve.5.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                            Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                            Source: Amcache.hve.5.drBinary or memory string: VMware PCI VMCI Bus Device
                            Source: Amcache.hve.5.drBinary or memory string: VMware VMCI Bus Device
                            Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
                            Source: Amcache.hve.5.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                            Source: Amcache.hve.5.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                            Source: MSBuild.exe, 00000002.00000002.2253258686.00000000011A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}User Data\Default\Local Storage\leveldb\000003.log
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
                            Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
                            Source: MSBuild.exe, 00000002.00000002.2253258686.000000000117E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?\#disk&ven_vmware&prouask#4&1656f219&0&0000f5-b6bf-11d0-94f2-00a08b
                            Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
                            Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
                            Source: MSBuild.exe, 00000002.00000002.2254441569.0000000005350000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: bankofamerica.comVMware20,11696487552x
                            Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
                            Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                            Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                            Source: Amcache.hve.5.drBinary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
                            Source: Amcache.hve.5.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                            Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                            Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
                            Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
                            Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
                            Source: MSBuild.exe, 00000002.00000002.2254441569.0000000005376000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows
                            Source: MSBuild.exe, 00000002.00000002.2253258686.0000000001172000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
                            Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                            Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: outlook.office.comVMware20,11696487552s
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: turbotax.intuit.comVMware20,11696487552t
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
                            Source: MSBuild.exe, 00000002.00000002.2252816431.00000000010E0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
                            Source: Sn1EKiduguQ2Web Data.2.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                            Source: C:\Users\user\Desktop\file.exeAPI call chain: ExitProcess graph end node
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess queried: DebugPortJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D3D948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6D3D948B
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D38B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6D38B6C0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_004C4130 mov eax, dword ptr fs:[00000030h]2_2_004C4130
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_0045DA50 mov eax, dword ptr fs:[00000030h]2_2_0045DA50
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00491A60 mov eax, dword ptr fs:[00000030h]2_2_00491A60
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_004D3630 mov eax, dword ptr fs:[00000030h]2_2_004D3630
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_004EB010 GetProcessHeap,InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,2_2_004EB010
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D3DB144 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6D3DB144
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00434174 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00434174
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_0043450D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0043450D
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_00438A54 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00438A54
                            Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior

                            HIPS / PFW / Operating System Protection Evasion

                            Source: C:\Users\user\Desktop\file.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and writeJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_004CC630 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,2_2_004CC630
                            Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
                            Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
                            Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000Jump to behavior
                            Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 55A000Jump to behavior
                            Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 582000Jump to behavior
                            Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 587000Jump to behavior
                            Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 592000Jump to behavior
                            Source: C:\Users\user\Desktop\file.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: B6B008Jump to behavior
                            Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exeJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D3D84B0 cpuid 0_2_6D3D84B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,2_2_004DD2B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: EnumSystemLocalesW,2_2_0044B1A3
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoW,2_2_004531B8
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_004532E1
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoW,2_2_004533E7
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_004534BD
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoW,2_2_0044B726
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,2_2_00452B48
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoW,2_2_00452D4D
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: EnumSystemLocalesW,2_2_00452DF4
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoEx,FormatMessageA,2_2_00431D84
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: EnumSystemLocalesW,2_2_00452E3F
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: EnumSystemLocalesW,2_2_00452EDA
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_00452F65
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                            Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\ VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D3DA25A GetSystemTimeAsFileTime,__aulldiv,0_2_6D3DA25A
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_004DD2B0 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,2_2_004DD2B0
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 2_2_0044D11E GetTimeZoneInformation,2_2_0044D11E
                            Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                            Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                            Source: Amcache.hve.5.drBinary or memory string: msmpeng.exe
                            Source: Amcache.hve.5.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                            Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                            Source: Amcache.hve.5.drBinary or memory string: MsMpEng.exe

                            Stealing of Sensitive Information

                            Source: Yara matchFile source: file.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.file.exe.130000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000000.2084139212.0000000000132000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000002.00000002.2254441569.0000000005376000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1208, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\OSzk73DYdvwL_Z1T3wG2Xn4.zip, type: DROPPED
                            Source: MSBuild.exe, 00000002.00000002.2253258686.0000000001172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                            Source: MSBuild.exe, 00000002.00000002.2253258686.00000000011A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\ElectronCash\wallets
                            Source: MSBuild.exe, 00000002.00000002.2253258686.00000000011A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Jaxx\Local Storage
                            Source: MSBuild.exe, 00000002.00000002.2253258686.0000000001172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                            Source: MSBuild.exe, 00000002.00000002.2253258686.00000000011A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\Binance\app-store.jsontsH
                            Source: MSBuild.exe, 00000002.00000002.2254441569.0000000005350000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                            Source: MSBuild.exe, 00000002.00000002.2253258686.00000000011A4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: C:\Users\user\AppData\Roaming\MultiDoge\multidoge.wallet
                            Source: file.exe, 00000000.00000000.2084139212.0000000000132000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: set_UseMachineKeyStore
                            Source: MSBuild.exe, 00000002.00000002.2254441569.0000000005350000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live*
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.jsonJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqliteJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqliteJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\formhistory.sqliteJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\signons.sqliteJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\logins.jsonJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\signons.sqliteJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENTJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\places.sqliteJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                            Source: Yara matchFile source: 00000002.00000002.2254441569.0000000005350000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1208, type: MEMORYSTR

                            Remote Access Functionality

                            Source: Yara matchFile source: file.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.file.exe.130000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000000.2084139212.0000000000132000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000002.00000002.2254441569.0000000005376000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1208, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\OSzk73DYdvwL_Z1T3wG2Xn4.zip, type: DROPPED
                            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_6D38A0C0 CorBindToRuntimeEx,GetModuleHandleW,GetModuleHandleW,__cftoe,GetModuleHandleW,GetProcAddress,0_2_6D38A0C0
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 411 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 45 System Information Discovery | Distributed Component Object Model | 1 Email Collection | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 151 Security Software Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 411 Process Injection | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
[Behavior graph. ID: 1431796, Sample: file.exe, Startdate: 25/04/2024, Architecture: WINDOWS, Score: 100. Nodes: file.exe, which dropped C:\Users\user\AppData\...\Protect544cd51a.dll (PE32) and started MSBuild.exe; MSBuild.exe, which contacted 45.15.156.9 (ports 49701, 50500; RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU, Russian Federation), ipinfo.io (34.117.186.192, ports 443, 49702; GOOGLE-AS-APGoogleAsiaPacificPteLtdSG, United States) and db-ip.com (172.67.75.166, ports 443, 49703; CLOUDFLARENETUS, United States), dropped C:\Users\user\...\OSzk73DYdvwL_Z1T3wG2Xn4.zip (Zip) and started WerFault.exe.]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| file.exe | 13% | ReversingLabs | | |
| file.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll | 0% | Virustotal | | |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| fp2e7a.wpc.phicdn.net | 0% | Virustotal | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://sectigo.com/CPS0 | 0% | URL Reputation | safe | |
| https://sectigo.com/CPS0 | 0% | URL Reputation | safe | |
| http://ocsp.sectigo.com0 | 0% | URL Reputation | safe | |
| http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe | |
| http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| ipinfo.io | 34.117.186.192 | true | false | | high |
| db-ip.com | 172.67.75.166 | true | false | | high |
| fp2e7a.wpc.phicdn.net | 192.229.211.108 | true | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://ipinfo.io/widget/demo/185.152.66.230 | false | | high |
| https://db-ip.com/demo/home.php?s=185.152.66.230 | false | | high |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 34.117.186.192 | ipinfo.io | United States | | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false |
| 45.15.156.9 | unknown | Russian Federation | | 39493 | RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | true |
| 172.67.75.166 | db-ip.com | United States | | 13335 | CLOUDFLARENETUS | false |

                                                                                                Joe Sandbox version:40.0.0 Tourmaline
                                                                                                Analysis ID:1431796
                                                                                                Start date and time:2024-04-25 19:31:08 +02:00
                                                                                                Joe Sandbox product:CloudBasic
                                                                                                Overall analysis duration:0h 8m 41s
                                                                                                Hypervisor based Inspection enabled:false
                                                                                                Report type:full
                                                                                                Cookbook file name:default.jbs
                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                Number of analysed new started processes analysed:11
                                                                                                Number of new started drivers analysed:0
                                                                                                Number of existing processes analysed:0
                                                                                                Number of existing drivers analysed:0
                                                                                                Number of injected processes analysed:0
                                                                                                Technologies:
                                                                                                • HCA enabled
                                                                                                • EGA enabled
                                                                                                • AMSI enabled
                                                                                                Analysis Mode:default
                                                                                                Analysis stop reason:Timeout
                                                                                                Sample name:file.exe
                                                                                                Detection:MAL
                                                                                                Classification:mal100.troj.spyw.evad.winEXE@4/30@2/3
                                                                                                EGA Information:
                                                                                                • Successful, ratio: 100%
                                                                                                HCA Information:
                                                                                                • Successful, ratio: 82%
                                                                                                • Number of executed functions: 95
                                                                                                • Number of non-executed functions: 298
                                                                                                Cookbook Comments:
                                                                                                • Found application associated with file extension: .exe
                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                • Excluded IPs from analysis (whitelisted): 40.126.7.35, 40.126.28.14, 40.126.28.12, 40.126.28.20, 40.126.28.19, 40.126.28.13, 40.126.28.18, 40.126.28.22, 23.40.205.34, 23.40.205.26, 23.40.205.35, 23.40.205.56, 23.40.205.41, 23.40.205.48, 23.40.205.17, 23.40.205.16, 23.40.205.43, 192.229.211.108, 20.42.73.29, 40.127.169.103, 13.85.23.206, 40.68.123.157, 20.242.39.171
                                                                                                • Excluded domains from analysis (whitelisted): crl.edge.digicert.com, prdv4a.aadg.msidentity.com, crl-symcprod.digicert.com, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, login.msa.msidentity.com, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, umwatson.events.data.microsoft.com, crl.verisign.com, www.tm.lg.prod.aadmsa.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                                • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                • Report size getting too big, too many NtCreateFile calls found.
                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.

| Time | Type | Description |
|---|---|---|
| 19:31:55 | API Interceptor | 1x Sleep call for process: file.exe modified |
| 19:32:12 | API Interceptor | 1x Sleep call for process: WerFault.exe modified |

| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 34.117.186.192 | SecuriteInfo.com.Win32.Evo-gen.24318.16217.exe | | malicious | Unknown | | ipinfo.io/json |
| | SecuriteInfo.com.Win32.Evo-gen.28489.31883.exe | | malicious | Unknown | | ipinfo.io/json |
| | Raptor.HardwareService.Setup 1.msi | | malicious | Unknown | | ipinfo.io/ip |
| | Conferma_Pdf_Editor.exe | | malicious | Planet Stealer | | ipinfo.io/ |
| | Conferma_Pdf_Editor.exe | | malicious | Planet Stealer | | ipinfo.io/ |
| | w.sh | | malicious | Xmrig | | /ip |
| | Raptor.HardwareService.Setup_2.3.6.0.msi | | malicious | Unknown | | ipinfo.io/ip |
| | Raptor.HardwareService.Setup_2.3.6.0.msi | | malicious | Unknown | | ipinfo.io/ip |
| | uUsgzQ3DoW.exe | | malicious | RedLine | | ipinfo.io/ip |
| | 8BZBgbeCcz.exe | | malicious | RedLine | | ipinfo.io/ip |
| 45.15.156.9 | 2qlPnQB9U0.exe | | malicious | Unknown | | 45.15.156.9/ping.php?hwid=0453C53E |
| 172.67.75.166 | file.exe | | malicious | RisePro Stealer | | |
| | file.exe | | malicious | Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | | |
| | file.exe | | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT | | |
| | ygm2mXUReY.exe | | malicious | RisePro Stealer | | |
| | file.exe | | malicious | RisePro Stealer | | |
| | s2dwlCsA95.exe | | malicious | RisePro Stealer | | |
| | file.exe | | malicious | Clipboard Hijacker, RisePro Stealer | | |
| | TANQUIVUIA.exe | | malicious | LummaC, RisePro Stealer | | |
| | oZ8kX4OA5q.exe | | malicious | RisePro Stealer | | |
| | S2ruRfajig.exe | | malicious | RisePro Stealer | | |

Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 1.0621022859166387
Encrypted: false
SSDEEP: 192:grxcOS/Pe0xRbSUj/ZrUyjcKzuiFYZ24IO8K:0pS/PFxNSUjyKzuiFYY4IO8K
MD5: 5A3499556546AC2813602D089E6AE629
SHA1: 05029B18CF13E771D75AE2527C556C6243A83379
SHA-256: 70BA775AADA6AC514B17548D812F56E65FFC397ED44FFA2231EDEAF1AEB9A64D
SHA-512: E73D56F6D45BEAF22380001537AB45AB54C1D9B3A96B6379D79CE244B1C30838580BA8F028E438461E125B0F94410642E86DB06EB14762B9C01C251356444010
Malicious: false
Reputation: low
Preview:Version=1..EventType=APPCRASH..EventTime=133585399260040664..ReportType=2..Consent=1..UploadTime=133585399265509533..ReportStatus=524384..ReportIdentifier=0b0c9cd9-e953-4c9c-9f50-00a18747cfae..IntegratorReportIdentifier=53adad32-8dad-4190-becc-3208509cff3c..Wow64Host=34404..Wow64Guest=332..NsAppName=MsBuild.exe..OriginalFilename=MSBuild.exe..AppSessionGuid=000004b8-0001-0015-7b6b-30783697da01..TargetAppId=W:0000f519feec486de87ed73cb92d3cac802400000000!0000e6256a0159688f0560b015da4d967f41cbf8c9b
                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                        File Type:Mini DuMP crash report, 15 streams, Thu Apr 25 17:32:06 2024, 0x1205a4 type
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):97528
                                                                                                                                        Entropy (8bit):2.0381716410464814
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:efzP7kKONnWRtvwofOAU5DJ0IJiA+RQVOTSlcsewouEgLmd/yGuV:efzz4NWRtv3+DJ08nVrlchwZEgLZGu
                                                                                                                                        MD5:AA46A6AD07F7C4CFE6AC46C635A0CB59
                                                                                                                                        SHA1:B368770CD37C87A9C51A5499985A9F1191AB0D15
                                                                                                                                        SHA-256:9719708272279139C99BA7215A571A7E9E9FA61C957818339B6321C5F62B27C9
                                                                                                                                        SHA-512:6F3ABAF055E0D053B8A2604F7363669437BFB3D6C8D6E3EA4F4F13726390AED3577D3EF55BE6B5CF22C416D1D14A1FC0F496749A183ACDAC905B6C67A353870E
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                        File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):6352
                                                                                                                                        Entropy (8bit):3.7251964640546142
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:RSIU6o7wVetbCjM6RsYPizJl59QgaM4UB89b0Gsfdcm:R6l7wVeJCjM6aYP+JlxprB89b0Gsfdcm
                                                                                                                                        MD5:C20ED989FB22C51D1CA8EC173C031EDF
                                                                                                                                        SHA1:F791F1349C977C65B435B676341A2406BA874299
                                                                                                                                        SHA-256:D11227945EDFBA35396D5A25ADB506DBC7EDA1423D16D9C480D77E950592394E
                                                                                                                                        SHA-512:691BAA0895D7F74A2B44AC0B3E410B2394634A0DD1285768CBC5BE1C1A6B1AFE432A4E321B4CECCD4DCF3CBE71B48D36D73F7AF62677867285536B759839EDB2
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>.. <WindowsNTVersion>10.0</WindowsNTVersion>.. <Build>19045</Build>.. <Product>(0x30): Windows 10 Pro</Product>.. <Edition>Professional</Edition>.. <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>.. <Revision>2006</Revision>.. <Flavor>Multiprocessor Free</Flavor>.. <Architecture>X64</Architecture>.. <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>.. <Pid>1208</Pi
                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):4692
                                                                                                                                        Entropy (8bit):4.508406370116364
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:cvIwWl8zsaJg77aI9LQWpW8VYRYm8M4JCxu7GFzm+q87sFTmLhgd:uIjfoI7Fp7VVJ3zmLhgd
                                                                                                                                        MD5:3A225A83EA5318F31129D70BDEDCA11D
                                                                                                                                        SHA1:09A2155C75D37EFEEBB6C6F3C43E5070703CDEC5
                                                                                                                                        SHA-256:161B14A18BF652CB5BF63A2631F1F5E538094791E657AE54D42AC4498F032F5F
                                                                                                                                        SHA-512:61ABB254F0A447EE87DCF4EE575AB076A2A2441DEFA6E6963AE077BE71CDFB557E327A96EC6CAFB1A9A7DDD12B6E5A8B91B2E8BBABD667F36BB2FCEA69B14D7F
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="295714" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):522
                                                                                                                                        Entropy (8bit):5.358731107079437
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
                                                                                                                                        MD5:93E4C46884CB6EE7CDCC4AACE78CDFAC
                                                                                                                                        SHA1:29B12D9409BA9AFE4C949F02F7D232233C0B5228
                                                                                                                                        SHA-256:2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
                                                                                                                                        SHA-512:E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):682006
                                                                                                                                        Entropy (8bit):7.997821475350119
                                                                                                                                        Encrypted:true
                                                                                                                                        SSDEEP:12288:+QcR56i/pWKR511jn0+xV8EY+hA6gCmyM9LWYYxlVf7xgronZ2R5ZqPvzHqcOi:U56Ls7jnPWE+usLZWlVf7n65oDHqxi
                                                                                                                                        MD5:9CAFD5A0DB5D9BFB92CF3D3D168DE347
                                                                                                                                        SHA1:71B009683EC596D425DEEE656D14F6D2F285BAF7
                                                                                                                                        SHA-256:2B2314AE556A2FA4149D10E602C29BD392C22F658A6DD412F184BB19A4D60C44
                                                                                                                                        SHA-512:DE699E430D5A49EC1E9637BD9E6701FAB474AC6F38F6FE53357C58AD68D1AB6065AAE99EE1A8D895BFA566B6A592DCF775FBFE3A9EEB32E56B06426C4D3F3E18
                                                                                                                                        Malicious:true
                                                                                                                                        Yara Hits:
                                                                                                                                        • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\OSzk73DYdvwL_Z1T3wG2Xn4.zip, Author: Joe Security
                                                                                                                                        Reputation:low
                                                                                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):760320
                                                                                                                                        Entropy (8bit):6.561572491684602
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0
                                                                                                                                        MD5:544CD51A596619B78E9B54B70088307D
                                                                                                                                        SHA1:4769DDD2DBC1DC44B758964ED0BD231B85880B65
                                                                                                                                        SHA-256:DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
                                                                                                                                        SHA-512:F56D8B81022BB132D40AA78596DA39B5C212D13B84B5C7D2C576BBF403924F1D22E750DE3B09D1BE30AEA359F1B72C5043B19685FC9BF06D8040BFEE16B17719
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
• Filename: MBSetup.exe, Detection: malicious
• Filename: MBSetup.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: qk9TaBBxh8.exe, Detection: malicious
• Filename: SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe, Detection: malicious
• Filename: KqWnIt1164.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.Siggen28.25504.27914.23637.exe, Detection: malicious
                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):98304
                                                                                                                                        Entropy (8bit):0.08235737944063153
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):155648
                                                                                                                                        Entropy (8bit):0.5407252242845243
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                        MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):5242880
                                                                                                                                        Entropy (8bit):0.0357803477377646
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                                        MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                                        SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                                        SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                                        SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):51200
                                                                                                                                        Entropy (8bit):0.8745947603342119
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:aZ8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:W8yLG7IwRWf4
                                                                                                                                        MD5:378391FDB591852E472D99DC4BF837DA
                                                                                                                                        SHA1:10CB2CDAD4EDCCACE0A7748005F52C5251F6F0E0
                                                                                                                                        SHA-256:513C63B0E44FFDE2B4E511A69436799A8B59585CB0EB5CCFDA7A9A8F06BA4808
                                                                                                                                        SHA-512:F099631BEC265A6E8E4F8808270B57FFF28D7CBF75CC6FA046BB516E8863F36E8506C7A38AD682132FCB1134D26326A58F5B588B9EC9604F09FD7155B2AEF2DA
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):5242880
                                                                                                                                        Entropy (8bit):0.0357803477377646
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWwJU0VnQphI1mJ/8GJK:58r54w0VW3xWB0VaI4
                                                                                                                                        MD5:76D181A334D47872CD2E37135CC83F95
                                                                                                                                        SHA1:B563370B023073CE6E0F63671AA4AF169ABBF4E1
                                                                                                                                        SHA-256:52D831CC6F56C3A25EB9238AAF25348E1C4A3D361DFE7F99DB1D37D89A0057FD
                                                                                                                                        SHA-512:23E0D43E4785E5686868D5448628718720C5A8D9328EE814CB77807260F7CDA2D01C5DEE8F58B5713F4F09319E6CB7AB24725078C01322BAE04777418A49A9F7
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.136471148832945
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                        MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                        SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                        SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                        SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):196608
                                                                                                                                        Entropy (8bit):1.1239949490932863
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                        MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                        SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                        SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                        SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.8508558324143882
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24:TLlF1kwNbXYFpFNYcw+6UwcQVXH5fBaJvWKC0ABndzGrW7swaE:TxFawNLopFgU10XJBaEKQxdgQsw
                                                                                                                                        MD5:933D6D14518371B212F36C3835794D75
                                                                                                                                        SHA1:92D056D912B3C0260D379330D3CC0359B57A322B
                                                                                                                                        SHA-256:55390EE61FB85370A8A7F51A8DD5374F7B1801D1D7DF09D6A90CDD74ED6E7D1E
                                                                                                                                        SHA-512:EAC706D8A579500EADA26FB9883E1F3CE9112A03F38EE78B11B393AB0A3285945F8E06EB406BFC17D1CB540F840E435E515FABFC265399CE6F5193980FDE3F2C
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):40960
                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):106496
                                                                                                                                        Entropy (8bit):1.136471148832945
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c1/k4:MnlyfnGtxnfVuSVumEH1s4
                                                                                                                                        MD5:37B1FC046E4B29468721F797A2BB968D
                                                                                                                                        SHA1:50055EF1C50E4C1A7CCF7D00620E95128E4C448B
                                                                                                                                        SHA-256:7BBD5DFC9026E0D477B027B9A2A3F022F2E72FC9B4E05E697461A00677AE8EFD
                                                                                                                                        SHA-512:1D8A0F0AE76E5A1CF131F6D2C5156EA4204449942210EF029D5B018464355DBF94E2D8ABD6A5A9CDFE4271DCD22703BF26ECE8FEE902E122184680F1BB001149
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):155648
                                                                                                                                        Entropy (8bit):0.5407252242845243
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                        MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):159744
                                                                                                                                        Entropy (8bit):0.5394293526345721
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):20480
                                                                                                                                        Entropy (8bit):0.6732424250451717
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                        MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                        SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                        SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                        SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):196608
                                                                                                                                        Entropy (8bit):1.1239949490932863
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                                                                        MD5:271D5F995996735B01672CF227C81C17
                                                                                                                                        SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                                                                        SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                                                                        SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:SQLite format 3......@ .......Y...........7......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:ASCII text, with very long lines (369), with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):530
                                                                                                                                        Entropy (8bit):6.005544722730675
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:c7F2v4kMx/6UsMbf4/LJPhvkRj6a9kuEYTCRopYxOOVtouEYv:SCJyHXbfQJPh8RdkYiFoYv
                                                                                                                                        MD5:987FB1A1830B0EB5C0D306F8A2DE9981
                                                                                                                                        SHA1:8374E6320AD99C3FF177A9889F1AB75448F6EB19
                                                                                                                                        SHA-256:5EF24A6CE57CA3048431555909EC23CD5494DA76845F84271946442249DDA891
                                                                                                                                        SHA-512:9E2A48264084B79051FC275DD7780A5552B56220459A1CDDBE6F6A307FE0E5759AE20BC243D085D9734153879AC4E66233AB83F92551DD8092EABF85B16F2D15
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:.google.com.TRUE./.TRUE.1712298002.NID.ENC893*_djEwx6CLkXLg8AuSZWCgylmAsMNnd1LSfbcL+IfCgMvX/m5IrzdSwxt6X6n5S6C7wCoUoWvuixZpzrMizGZc5ohIpmsvlOrGTOhFkQ4+lCF6fVH0QNPBBb27o2nXM8em7EAYS1bYZC2LV04SqpgyxJmdfFA7UyWUoK8kFZQDRl0vdOzWdvAoumw2skuCCtJC2oG3z3OYbLTLDbM7wYvVmfDeqtnZRihAAt+ptqI6cfY1a+KO9XP+4XkDSXW7JhsexYHBqzSSBmUisGZ7f9E=_DrTFYLsM7YVgEN6pCv/RXeb8Bq748EwHbsLCIGv1kEc=*...google.com.FALSE./.TRUE.1699078840.1P_JAR.ENC893*_djEwZKzV9KAslchfQWnVTck71JHMVRC24lvAWgdl5WpYIXlINsbQSVWzkKU=_DrTFYLsM7YVgEN6pCv/RXeb8Bq748EwHbsLCIGv1kEc=*..
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):5235
                                                                                                                                        Entropy (8bit):5.27855255136043
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:96:xzEbGMbZR+4cBC1IUlzhgOoCwIwqHNUbg3x:xyA484IUlzhCkPB
                                                                                                                                        MD5:E4FBCFE92EFEEB6B1C6A4E3ED636DBCE
                                                                                                                                        SHA1:F89BFA91ADA6DA08406B3E9C7FDF03307354B648
                                                                                                                                        SHA-256:272F650CA750D4B6395619C1955AD1E573493299F35D73CFB828AB4ED18286C7
                                                                                                                                        SHA-512:E2FC1F66DCEA82B53189334AB6373EE39315FAF1AB5FD729C6CD3A5EDF64CA908A364D720D3BE3810F168A1FB8816EBB9E21E583DAF9336FFBE13A6BE5B4E3CE
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:Build: default..Version: 1.9....Date: Thu Apr 25 19:32:02 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: c7766ca3d22cf075ef0ab0ec174d9757....Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe..Work Dir: C:\Users\user\AppData\Local\Temp\trixy8ZtiuIBRtR58....IP: 185.152.66.230..Location: US, Atlanta..ZIP (Autofills): -..Windows: Windows 10 Pro [x64]..Computer Name: 632922 [WORKGROUP]..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 25/4/2024 19:32:2..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [328]..csrss.exe [412]..wininit.exe [488]..csrss.exe [496]..winlogon.exe [560]..services.exe [632]..lsass.exe [652]..svchost.exe [752]..fontdrvhost.ex
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):4897
                                                                                                                                        Entropy (8bit):2.518316437186352
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                                                                                                        MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                                                                                                        SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                                                                                                        SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                                                                                                        SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):696846
                                                                                                                                        Entropy (8bit):7.928457778712357
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:GpBR/apVusFK4760HQTTU90uDFYW4RHvdAFVC+Z1tThdI0:0ypVnFK10wTayHvdAr3jpn
                                                                                                                                        MD5:5B67D05DE36D6DE59CEBEDB5BCF362BA
                                                                                                                                        SHA1:2FC22244D17F195093C02A89D9D25FB31C78D44A
                                                                                                                                        SHA-256:61BD9D829E477E72531A86090A9CD2AA5BA96234AF1A9DD94E17F2A86E128362
                                                                                                                                        SHA-512:93AEFAC0B00C50B453F6F4A48B82F7B4CBF1A86F516898E0A8CFF45E0F7B54A70F960A0846D61E7FF9ED2429BA76BEA148522C0C721EDB8420C113223D1667DD
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1835008
                                                                                                                                        Entropy (8bit):4.469505897938806
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:6144:KzZfpi6ceLPx9skLmb0fpZWSP3aJG8nAgeiJRMMhA2zX4WABluuN9jDH5S:MZHtpZWOKnMM6bFpLj4
                                                                                                                                        MD5:D7ABD3C6460F51E33949A8DDD45B7B82
                                                                                                                                        SHA1:E11C14BED39EA7D6474D9697DE2714713E04D4F9
                                                                                                                                        SHA-256:A81525CF47DA91BB6E792558EA4D26FFA656C2F6B679AF6CBF53B015060C8804
                                                                                                                                        SHA-512:2FB963466C64B8BAECF46FF0D1D2961D1321B5683C4D42B08C37B529E9376B7B7570D60FE1539B49BF5F1B309F13B9DECEA4E35AE155B64905F041D5A365BC8F
                                                                                                                                        Malicious:false
                                                                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                        Entropy (8bit):7.733071191641008
                                                                                                                                        TrID:
                                                                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                        File name:file.exe
                                                                                                                                        File size:4'762'624 bytes
                                                                                                                                        MD5:cc800aee4d8f6b42601be444e284354e
                                                                                                                                        SHA1:ef00c39a62b2b5cc4ccd2fea63c0dfa8aadb85c2
                                                                                                                                        SHA256:d0295c334677da7ca28746b3feff2e82320314322d99af837090c4e87b362479
                                                                                                                                        SHA512:74eb53b7653def8071c07e79bee1ccfda54376abf535808c16738f67485ef72f33e6fc414d8121316c1cc9513432ae3ee378eff5cf84c54b407c498c3f1ac65b
                                                                                                                                        SSDEEP:98304:pt446QPQze9203h4vkuGFGjXRiZnhq6iQ:pt44WewZvnojq+
                                                                                                                                        TLSH:BC26D009F9D4E952D2360B33D5B294909F789793A612D31EBD8D236B0FB33D74A87242
                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....4g...............P...F..L......>.F.. ....G...@.. ........................H......>I...@................................
                                                                                                                                        Icon Hash:1bebebbb1330b0b4
                                                                                                                                        Entrypoint:0x86e43e
                                                                                                                                        Entrypoint Section:.text
                                                                                                                                        Digitally signed:true
                                                                                                                                        Imagebase:0x400000
                                                                                                                                        Subsystem:windows gui
                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                        Time Stamp:0xD06734E6 [Thu Oct 17 21:04:38 2080 UTC]
                                                                                                                                        TLS Callbacks:
                                                                                                                                        CLR (.Net) Version:
                                                                                                                                        OS Version Major:4
                                                                                                                                        OS Version Minor:0
                                                                                                                                        File Version Major:4
                                                                                                                                        File Version Minor:0
                                                                                                                                        Subsystem Version Major:4
                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                        Signature Valid:false
                                                                                                                                        Signature Issuer:CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
                                                                                                                                        Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                        Error Number:-2146869232
                                                                                                                                        Not Before, Not After
                                                                                                                                        • 20/04/2006 02:00:00 23/06/2009 01:59:59
                                                                                                                                        Subject Chain
                                                                                                                                        • CN=Nero AG, OU=LEGAL DEPARTMENT, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Nero AG, L=Karlsbad, S=Baden Wuerttemberg, C=DE
                                                                                                                                        Version:3
                                                                                                                                        Thumbprint MD5:C48DBFFD180F94F26AB3DC1B8E78C8E8
                                                                                                                                        Thumbprint SHA-1:E8A8C13FA05F0DA35C8D97DC8A5538EED12F2ACA
                                                                                                                                        Thumbprint SHA-256:6834AA263EE7E7B7B4B1A4DC100F38004B67B28600EAF3A248C815732380CD46
                                                                                                                                        Serial:2A6AD44A4642FB73942CA2B92DEB3D34
                                                                                                                                        Instruction
                                                                                                                                        jmp dword ptr [00402000h]
                                                                                                                                        add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x46e3f0 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x470000 | 0x149f8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4896d8 | 0x1528 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x486000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x46c444 | 0x46c600 | 64841bee10faae510132be7d071fc184 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x470000 | 0x149f8 | 0x14a00 | 362a703d3665438ec5df85fbbb8fda6e | False | 0.29902935606060604 | data | 4.40689577384239 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x486000 | 0xc | 0x200 | 0e1147364fb3abca735361f7d12e0f5b | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4701c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | | | 0.7127659574468085
RT_ICON | 0x470628 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.5084427767354597
RT_ICON | 0x4716d0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | | | 0.408402489626556
RT_ICON | 0x473c78 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | | | 0.2596415473796285
RT_GROUP_ICON | 0x4844a0 | 0x3e | data | | | 0.7741935483870968
RT_VERSION | 0x4844e0 | 0x32c | data | | | 0.43842364532019706
RT_MANIFEST | 0x48480c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/25/24-19:32:04.905698 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49701 | 50500 | 192.168.2.6 | 45.15.156.9
04/25/24-19:31:58.542658 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 50500 | 49701 | 45.15.156.9 | 192.168.2.6
04/25/24-19:31:58.314749 | TCP | 2049060 | ET TROJAN RisePro TCP Heartbeat Packet | 49701 | 50500 | 192.168.2.6 | 45.15.156.9

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                        Apr 25, 2024 19:32:04.018722057 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.018822908 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.019345045 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.019431114 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.019459009 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.019526005 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.019592047 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.019665956 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.019804955 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.019902945 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.019963026 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.020016909 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.020080090 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.020140886 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.020179033 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.020231009 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.020251989 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.020283937 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.020314932 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.020355940 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.020387888 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.020395041 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.020414114 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.020458937 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.021435976 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.021467924 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.021521091 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.023066998 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.023144960 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.259156942 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.259202003 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.259258986 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.259357929 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.259896994 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.259927988 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.259994030 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.260154963 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.260268927 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.260278940 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.260354996 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.260396957 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.260457993 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.260590076 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.260664940 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.260946035 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.260976076 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.261008978 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.261045933 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.261291027 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.261322021 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.261357069 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.261401892 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.261712074 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.261789083 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.261867046 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.261934042 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.261941910 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.261975050 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.262012005 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.262527943 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.262618065 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.262732983 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.262810946 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.262851000 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.262933969 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.263078928 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.263109922 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.263145924 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.263185024 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.263222933 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.263295889 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.263456106 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.263544083 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.263607025 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.263669014 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.264034033 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.264115095 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.264163971 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.264231920 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.264718056 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.264833927 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.264950991 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.265017033 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.265022039 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.265094995 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.265103102 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.265160084 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.265209913 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.265242100 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.265275955 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.265311956 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.265322924 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.265368938 CEST4970150500192.168.2.645.15.156.9
                                                                                                                                        Apr 25, 2024 19:32:04.265427113 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.265458107 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.265489101 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.265559912 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.265834093 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.266351938 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.266383886 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.266577959 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.266772032 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.266841888 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.266958952 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.267421961 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.501779079 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.501835108 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.501867056 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.502124071 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.502197027 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.502294064 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.502356052 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.502435923 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.502707005 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.503082991 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.503237963 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.503309965 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.503513098 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.503546953 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.503576994 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.503746033 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.504208088 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.504240990 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.504271984 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.504853010 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.504940033 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.504971027 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.505002022 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.505110979 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.505590916 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.505628109 CEST44349700173.222.162.64192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.505717039 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.505739927 CEST49700443192.168.2.6173.222.162.64
                                                                                                                                        Apr 25, 2024 19:32:04.505748987 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.505779982 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.505980968 CEST505004970145.15.156.9192.168.2.6
                                                                                                                                        Apr 25, 2024 19:32:04.506048918 CEST505004970145.15.156.9192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 25, 2024 19:31:58.877687931 CEST | 53050 | 53 | 192.168.2.6 | 1.1.1.1
Apr 25, 2024 19:31:58.989167929 CEST | 53 | 53050 | 1.1.1.1 | 192.168.2.6
Apr 25, 2024 19:31:59.481756926 CEST | 62776 | 53 | 192.168.2.6 | 1.1.1.1
Apr 25, 2024 19:31:59.594659090 CEST | 53 | 62776 | 1.1.1.1 | 192.168.2.6

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 25, 2024 19:31:58.877687931 CEST | 192.168.2.6 | 1.1.1.1 | 0xbf0c | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
Apr 25, 2024 19:31:59.481756926 CEST | 192.168.2.6 | 1.1.1.1 | 0xbdf | Standard query (0) | db-ip.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 25, 2024 19:31:58.989167929 CEST | 1.1.1.1 | 192.168.2.6 | 0xbf0c | No error (0) | ipinfo.io | - | 34.117.186.192 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 19:31:59.594659090 CEST | 1.1.1.1 | 192.168.2.6 | 0xbdf | No error (0) | db-ip.com | - | 172.67.75.166 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 19:31:59.594659090 CEST | 1.1.1.1 | 192.168.2.6 | 0xbdf | No error (0) | db-ip.com | - | 104.26.5.15 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 19:31:59.594659090 CEST | 1.1.1.1 | 192.168.2.6 | 0xbdf | No error (0) | db-ip.com | - | 104.26.4.15 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 19:32:08.688689947 CEST | 1.1.1.1 | 192.168.2.6 | 0x66b7 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Apr 25, 2024 19:32:08.688689947 CEST | 1.1.1.1 | 192.168.2.6 | 0x66b7 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
Apr 25, 2024 19:32:09.677678108 CEST | 1.1.1.1 | 192.168.2.6 | 0xe7d0 | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | - | CNAME (Canonical name) | IN (0x0001) | false
Apr 25, 2024 19:32:09.677678108 CEST | 1.1.1.1 | 192.168.2.6 | 0xe7d0 | No error (0) | fp2e7a.wpc.phicdn.net | - | 192.229.211.108 | A (IP address) | IN (0x0001) | false
                                                                                                                                        • https:
                                                                                                                                          • ipinfo.io
                                                                                                                                        • db-ip.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49702 | 34.117.186.192 | 443 | 1208 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-25 17:31:59 UTC | 239 | OUT | GET /widget/demo/185.152.66.230 HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Referer: https://ipinfo.io/
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                                                                        Host: ipinfo.io
2024-04-25 17:31:59 UTC | 514 | IN | HTTP/1.1 200 OK
                                                                                                                                        server: nginx/1.24.0
                                                                                                                                        date: Thu, 25 Apr 2024 17:31:59 GMT
                                                                                                                                        content-type: application/json; charset=utf-8
                                                                                                                                        Content-Length: 1052
                                                                                                                                        access-control-allow-origin: *
                                                                                                                                        x-frame-options: SAMEORIGIN
                                                                                                                                        x-xss-protection: 1; mode=block
                                                                                                                                        x-content-type-options: nosniff
                                                                                                                                        referrer-policy: strict-origin-when-cross-origin
                                                                                                                                        x-envoy-upstream-service-time: 3
                                                                                                                                        via: 1.1 google
                                                                                                                                        strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                        Connection: close
2024-04-25 17:31:59 UTC | 741 | IN | Data Ascii: { "input": "185.152.66.230", "data": { "ip": "185.152.66.230", "hostname": "unn-185-152-66-230.datapacket.com", "city": "Atlanta", "region": "Georgia", "country": "US", "loc": "33.7490,-84.3880", "org": "AS60068 Datacamp Li
2024-04-25 17:31:59 UTC | 311 | IN | Data Ascii: : "CyberGhost" }, "abuse": { "address": "Datacamp Limited, Zdenek Cendra, 207 Regent Street, W1B 3HH, London, UNITED KINGDOM", "country": "US", "email": "abuse@datacamp.co.uk", "name": "Abuse Contact", "network": "185


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49703 | 172.67.75.166 | 443 | 1208 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-25 17:31:59 UTC | 263 | OUT | GET /demo/home.php?s=185.152.66.230 HTTP/1.1
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                                                                        Host: db-ip.com
2024-04-25 17:32:00 UTC | 658 | IN | HTTP/1.1 200 OK
                                                                                                                                        Date: Thu, 25 Apr 2024 17:32:00 GMT
                                                                                                                                        Content-Type: application/json
                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                        Connection: close
                                                                                                                                        x-iplb-request-id: AC45464C:6A30_93878F2E:0050_662A9390_9DD7BCF:4F34
                                                                                                                                        x-iplb-instance: 59215
                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nOpwI3EksvzMFibzxBtgt8sVb6F9Lj%2BnOutsnYjTO748AkEIr%2BKb8bFcGaOir2%2FDjnTLhGuoCf8qXF3F%2F9gtrk2Bb3dMUE9ZgvCkkO0phV3wAuN8B%2BpHBQ02TA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                        Server: cloudflare
                                                                                                                                        CF-RAY: 87a011e42d9b44df-ATL
                                                                                                                                        alt-svc: h3=":443"; ma=86400
2024-04-25 17:32:00 UTC | 675 | IN | Data Ascii: 29c{"status":"ok","demoInfo":{"ipAddress":"185.152.66.230","continentCode":"NA","continentName":"North America","countryCode":"US","countryName":"United States","isEuMember":false,"currencyCode":"USD","currencyName":"Dollar","phonePrefix":"1","languages
2024-04-25 17:32:00 UTC | 5 | IN | Data Ascii: 0


                                                                                                                                        Target ID:0
                                                                                                                                        Start time:19:31:55
                                                                                                                                        Start date:25/04/2024
                                                                                                                                        Path:C:\Users\user\Desktop\file.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                        Imagebase:0x130000
                                                                                                                                        File size:4'762'624 bytes
                                                                                                                                        MD5 hash:CC800AEE4D8F6B42601BE444E284354E
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Yara matches:
                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.2084139212.0000000000132000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                        Reputation:low
                                                                                                                                        Has exited:true

                                                                                                                                        Target ID:2
                                                                                                                                        Start time:19:31:56
                                                                                                                                        Start date:25/04/2024
                                                                                                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
                                                                                                                                        Imagebase:0x990000
                                                                                                                                        File size:262'432 bytes
                                                                                                                                        MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Yara matches:
                                                                                                                                        • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000002.00000002.2254441569.0000000005376000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.2254441569.0000000005350000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        Reputation:moderate
                                                                                                                                        Has exited:true

                                                                                                                                        Target ID:5
                                                                                                                                        Start time:19:32:05
                                                                                                                                        Start date:25/04/2024
                                                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 1688
                                                                                                                                        Imagebase:0x690000
                                                                                                                                        File size:483'680 bytes
                                                                                                                                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Reputation:high
                                                                                                                                        Has exited:true


                                                                                                                                          Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39B73F
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39B748
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D39B7BE
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D39B7F5
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39B801
                                                                                                                                            • Part of subcall function 6D39C850: VariantInit.OLEAUT32(?), ref: 6D39C88F
                                                                                                                                            • Part of subcall function 6D39C850: VariantInit.OLEAUT32(?), ref: 6D39C895
                                                                                                                                            • Part of subcall function 6D39C850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D39C8A0
                                                                                                                                            • Part of subcall function 6D39C850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D39C8D5
                                                                                                                                            • Part of subcall function 6D39C850: VariantClear.OLEAUT32(?), ref: 6D39C8E1
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39BA15
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39BE90
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39BEA3
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39BEA9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2012514194-0
                                                                                                                                          • Opcode ID: 5c184d8df9021bb8607d0bb916b4787b6c2afe4c090d7193db5f422071a974f4
                                                                                                                                          • Instruction ID: 7626abbc251d0799888ca652b46214801cd97824276d4b1d71f1d417a1f265c7
                                                                                                                                          • Opcode Fuzzy Hash: 5c184d8df9021bb8607d0bb916b4787b6c2afe4c090d7193db5f422071a974f4
                                                                                                                                          • Instruction Fuzzy Hash: 48526B71D00219DFDB10DFA8C980BEEBBB9BF89300F158199E519AB341EB71A945CF91
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2100229242.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: HERE$HERE$HERE$HERE$HERE$HERE$HERE$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK
                                                                                                                                          • API String ID: 0-3320202828
                                                                                                                                          • Opcode ID: 04f8e64a858f39425777d3e7f8ad0bed9f7992b62b9cc1f6187ac23ee80528d8
                                                                                                                                          • Instruction ID: 493c4769e759780154817204bcf3be1022c51d9c093bf7541cb8e5905db054e7
                                                                                                                                          • Opcode Fuzzy Hash: 04f8e64a858f39425777d3e7f8ad0bed9f7992b62b9cc1f6187ac23ee80528d8
                                                                                                                                          • Instruction Fuzzy Hash: 96828474E012298FDB64DF68C994BDDBBB2AB88310F1481E9D54DAB351DB30AE85CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph (legend: Executed, Not Executed)
                                                                                                                                          APIs
                                                                                                                                          • GetModuleHandleW.KERNEL32(mscoree.dll,2D641B6B), ref: 6D38B711
                                                                                                                                          • LoadLibraryW.KERNEL32(mscoree.dll), ref: 6D38B71C
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CLRCreateInstance), ref: 6D38B730
                                                                                                                                          • __cftoe.LIBCMT ref: 6D38B870
                                                                                                                                          • GetModuleHandleW.KERNEL32(?), ref: 6D38B88B
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,C8F5E518), ref: 6D38B8D7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AddressHandleModuleProc$LibraryLoad__cftoe
                                                                                                                                          • String ID: CLRCreateInstance$mscoree.dll$v4.0.30319
                                                                                                                                          • API String ID: 1275574042-506955582
                                                                                                                                          • Opcode ID: 903715731ee2528b8f38a5e9be7c9a6394dcfa817085a04e614bb09b409ffdc2
                                                                                                                                          • Instruction ID: 796e4f3195bcaded85bfd9fe16c994e7ecc08af3e1bb604671084c60df8d3f83
                                                                                                                                          • Opcode Fuzzy Hash: 903715731ee2528b8f38a5e9be7c9a6394dcfa817085a04e614bb09b409ffdc2
                                                                                                                                          • Instruction Fuzzy Hash: 6C919E71D0428A9FDB04DFE8C881DAEBBB5FF48310F10856CE159EB252D731A94ACB55
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2100229242.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: ed799c5069fcb7c0a51071792f0636aa30e476e36847132ade55029b3cd334f4
                                                                                                                                          • Instruction ID: b89e1b6e8246970bfdca35962b06fe34098e702ff397e2cbdc063ffb0b6c57ef
                                                                                                                                          • Opcode Fuzzy Hash: ed799c5069fcb7c0a51071792f0636aa30e476e36847132ade55029b3cd334f4
                                                                                                                                          • Instruction Fuzzy Hash: A3328374E012299FDB64DFA5C990BDDBBB2BF89300F1091AAD909A7354DB306E81CF54
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1749c55fd2f167906981338f956ec3fb0a2a6d0cffac952f3bb5393f371b1a8c
                                                                                                                                          • Instruction ID: 754b5ad4a55b53a0392e4718e7f7cfa809fac0a4399c2878d1c9b593ce74ccd5
                                                                                                                                          • Opcode Fuzzy Hash: 1749c55fd2f167906981338f956ec3fb0a2a6d0cffac952f3bb5393f371b1a8c
                                                                                                                                          • Instruction Fuzzy Hash: 15128E78E01228CFDB64DF69C994B9DBBB2BF89304F1085AAD509AB351DB705E81CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2100229242.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4422f85fc84735630e5d1a543d33684fb303451bc7d4991e842816b0c86977f6
                                                                                                                                          • Instruction ID: 2cedbe397e3a0ed09123a4ff964145791040c50378764a85babc68728a1893bc
                                                                                                                                          • Opcode Fuzzy Hash: 4422f85fc84735630e5d1a543d33684fb303451bc7d4991e842816b0c86977f6
                                                                                                                                          • Instruction Fuzzy Hash: 6091A374E012289FDB64DF69D840BDEBBF2BF89300F1481AAD919AB354DB305A81CF55
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D3984BF
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D3984D2
                                                                                                                                          • SafeArrayGetElement.OLEAUT32 ref: 6D39850A
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D3994C1
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D3994D4
                                                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6D39950C
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D3997A4
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D3997B7
                                                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6D3997F2
                                                                                                                                            • Part of subcall function 6D393A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D393B71
                                                                                                                                            • Part of subcall function 6D393A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D393B83
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D399D5F
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D399D72
                                                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6D399DAF
                                                                                                                                            • Part of subcall function 6D393A90: SafeArrayDestroy.OLEAUT32(?), ref: 6D393BCF
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D39A1BC
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D39A1CF
                                                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6D39A20C
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                                                                                                          • String ID: A
                                                                                                                                          • API String ID: 959723449-3554254475
                                                                                                                                          • Opcode ID: 674bb6a1bed2d7cb972a3af306b202cc5c84d49198e141ae4423b4e1d8145034
                                                                                                                                          • Instruction ID: 7e958d559cbb157804774467488957d22b799839ba68a8073ed24297ba0ca9cd
                                                                                                                                          • Opcode Fuzzy Hash: 674bb6a1bed2d7cb972a3af306b202cc5c84d49198e141ae4423b4e1d8145034
                                                                                                                                          • Instruction Fuzzy Hash: B523B171A00205DFDB00DFA8CD84FAD77B9AF49304F158194EA49EF292EB75E985CB60
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D3929F6
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D392A08
                                                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D392A2F
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D392ABB
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D392B3F
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D392C04
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D392C0B
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D392C12
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D392C96
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D392C9D
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D392CD6
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D392CDD
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D392CE4
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D392D1B
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D392D45
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D392D4C
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D392D53
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$Clear$ArraySafe$BoundInit$DestroyElement
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 214056513-0
                                                                                                                                          • Opcode ID: 3053de30a807ee977217079cf0a35abd9c360fda99d703cbbe789b16efbaa5f7
                                                                                                                                          • Instruction ID: fb3e9de064bd96528c2bd6513a1c89111c09bde97a05fceabdcede3911afdf72
                                                                                                                                          • Opcode Fuzzy Hash: 3053de30a807ee977217079cf0a35abd9c360fda99d703cbbe789b16efbaa5f7
                                                                                                                                          • Instruction Fuzzy Hash: 9EC19B752087419FD710DFA8C884A6BBBE8FF89304F60885DF6A5CB260D771E845CB62
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D38AF75
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D38AF7C
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D38AF83
                                                                                                                                          • VariantCopy.OLEAUT32(?,?), ref: 6D38B00D
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D38B027
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D38B19C
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D38B1AA
                                                                                                                                          • SafeArrayAccessData.OLEAUT32(?,?), ref: 6D38B1C5
                                                                                                                                          • _memmove.LIBCMT ref: 6D38B1E6
                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(?), ref: 6D38B1EF
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D38B237
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D38B23E
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D38B245
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D38B29D
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D38B2A4
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D38B2AB
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$Clear$ArraySafe$Init$BoundData$AccessCopyUnaccess_memmove
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3403836469-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32 ref: 6D39D4B3
                                                                                                                                          • VariantInit.OLEAUT32 ref: 6D39D4C5
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39D4CC
                                                                                                                                          • _malloc.LIBCMT ref: 6D39D551
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D39D58B
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32 ref: 6D39D5A6
                                                                                                                                          • SafeArrayAccessData.OLEAUT32 ref: 6D39D5B8
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayInitSafeVariant$CreateVector$AccessData_malloc
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1552365394-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32 ref: 6D39D4B3
                                                                                                                                          • VariantInit.OLEAUT32 ref: 6D39D4C5
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39D4CC
                                                                                                                                          • _malloc.LIBCMT ref: 6D39D551
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D39D58B
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32 ref: 6D39D5A6
                                                                                                                                          • SafeArrayAccessData.OLEAUT32 ref: 6D39D5B8
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D39D601
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D39D63E
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$InitVariant$CreateElementVector$AccessData_malloc
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2723946344-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D3944FF
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D394505
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D394516
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D394551
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39455A
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6D394579
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D394594
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6D3945B5
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6D3945CE
                                                                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6D39475A
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D394777
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D394787
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39478D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$DestroyXweakstd::tr1::_
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1304965753-0
                                                                                                                                          • Opcode ID: 76855310ace4549dd9c92b08b37bd9d31d0eda196337bc988c52bd08c01df590
                                                                                                                                          • Instruction ID: 7cacd2d5813a3f1e0245f055ddc08c8d1d9fbdc935250c9a42945d4ade879545
                                                                                                                                          • Opcode Fuzzy Hash: 76855310ace4549dd9c92b08b37bd9d31d0eda196337bc988c52bd08c01df590
                                                                                                                                          • Instruction Fuzzy Hash: 72A12C75A0020AABDB14DFA4CD84EAFB7B9BF8C710F14462DE516AB781D631E941CB60
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          control_flow_graph 1320 6d39bf00-6d39bf6a VariantInit * 4 1321 6d39bf6c-6d39bf71 1320->1321 1322 6d39bf74-6d39bf86 1320->1322 1321->1322 1323 6d39bf88-6d39bf8d 1322->1323 1324 6d39bf90-6d39bfbb call 6d39c150 1322->1324 1323->1324 1327 6d39bfc1-6d39bfdf call 6d39c150 1324->1327 1328 6d39c0c4-6d39c0cd 1324->1328 1327->1328 1335 6d39bfe5-6d39c019 call 6d39dc40 1327->1335 1329 6d39c0cf-6d39c0df 1328->1329 1330 6d39c0e2-6d39c149 call 6d3da1f7 * 2 VariantClear * 4 call 6d3d948b 1328->1330 1329->1330 1341 6d39c01b-6d39c01e 1335->1341 1342 6d39c020-6d39c029 1335->1342 1344 6d39c035-6d39c037 call 6d3944c0 1341->1344 1345 6d39c02b-6d39c02c 1342->1345 1346 6d39c02e 1342->1346 1349 6d39c03c-6d39c03e 1344->1349 1348 6d39c030-6d39c032 1345->1348 1346->1348 1348->1344 1349->1328 1351 6d39c044-6d39c05c VariantInit VariantCopy 1349->1351 1352 6d39c05e-6d39c05f call 6d3ec1e0 1351->1352 1353 6d39c064-6d39c07a 1351->1353 1352->1353 1353->1328 1356 6d39c07c-6d39c094 VariantInit VariantCopy 1353->1356 1357 6d39c09c-6d39c0af 1356->1357 1358 6d39c096-6d39c097 call 6d3ec1e0 1356->1358 1357->1328 1361 6d39c0b1-6d39c0c0 1357->1361 1358->1357 1361->1328
                                                                                                                                          APIs
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$Init$Clear$Copy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3833040332-0
                                                                                                                                          • Opcode ID: 97dbb445f3b74ba4ecca1e5d78fb4c5c385d066d7f1cc8c7512cca7266866809
                                                                                                                                          • Instruction ID: 1770c42abcbc9786546cfafec5bdcce277c0a2a19b8a3a19ceba2d1bde87d6b4
                                                                                                                                          • Opcode Fuzzy Hash: 97dbb445f3b74ba4ecca1e5d78fb4c5c385d066d7f1cc8c7512cca7266866809
                                                                                                                                          • Instruction Fuzzy Hash: 5D815A71900219AFDB04DFA8C984FEEBBB9FF49304F148559E905AB341EB75E905CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          control_flow_graph 1362 6d3964d0-6d396552 VariantInit * 3 SafeArrayCreateVector 1363 6d39655c-6d39657e SafeArrayPutElement VariantClear 1362->1363 1364 6d396554-6d396559 1362->1364 1365 6d396661-6d396663 1363->1365 1366 6d396584-6d3965a1 1363->1366 1364->1363 1369 6d39666c-6d39669d VariantClear * 3 1365->1369 1370 6d396665-6d396666 SafeArrayDestroy 1365->1370 1367 6d3965ab-6d3965c7 SafeArrayPutElement VariantClear 1366->1367 1368 6d3965a3-6d3965a6 1366->1368 1367->1365 1371 6d3965cd-6d3965db 1367->1371 1368->1367 1370->1369 1372 6d3965dd-6d3965e2 call 6d3ec1e0 1371->1372 1373 6d3965e7-6d396613 1371->1373 1372->1373 1385 6d396616 call 265d171 1373->1385 1386 6d396616 call 265d170 1373->1386 1375 6d396618-6d39661a 1375->1365 1376 6d39661c-6d396628 1375->1376 1376->1365 1377 6d39662a-6d39663c call 6d38db30 1376->1377 1377->1365 1380 6d39663e-6d396650 call 6d3956b0 call 6d396880 1377->1380 1384 6d396655-6d39665c 1380->1384 1384->1365 1385->1375 1386->1375
                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32 ref: 6D39650C
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D396519
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D396520
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C), ref: 6D396531
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D39656D
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D396576
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D3965B6
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D3965BF
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D396666
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D396677
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39667E
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D396685
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1625659656-0
                                                                                                                                          • Opcode ID: 28d6bcf21e03d9f0139ae64976ca0eb9730dcf4b20350b473170bfea1987dd5e
                                                                                                                                          • Instruction ID: 73b0698f9930e1f0d4c2ec3e27ed1c5f61d8f556be89ca2c063b74ac3a8f70d6
                                                                                                                                          • Opcode Fuzzy Hash: 28d6bcf21e03d9f0139ae64976ca0eb9730dcf4b20350b473170bfea1987dd5e
                                                                                                                                          • Instruction Fuzzy Hash: AA512A72108305AFC701DF64D880A6BBBF8EFC9710F10891DF9658B250EB71E905CB92
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          control_flow_graph 1387 6d39cb90-6d39cc11 VariantInit * 2 SafeArrayCreateVector * 2 SafeArrayPutElement 1388 6d39cce7-6d39cce9 1387->1388 1389 6d39cc17-6d39cc4b SafeArrayPutElement VariantClear 1387->1389 1390 6d39cceb-6d39ccec SafeArrayDestroy 1388->1390 1391 6d39ccf2-6d39cd18 VariantClear * 2 1388->1391 1389->1388 1392 6d39cc51-6d39cc61 SafeArrayPutElement 1389->1392 1390->1391 1392->1388 1393 6d39cc67-6d39cc7b SafeArrayPutElement 1392->1393 1393->1388 1394 6d39cc7d-6d39cc8e 1393->1394 1395 6d39cc9a-6d39ccc8 1394->1395 1396 6d39cc90-6d39cc95 call 6d3ec1e0 1394->1396 1401 6d39ccc9 call 265d171 1395->1401 1402 6d39ccc9 call 265d170 1395->1402 1396->1395 1398 6d39cccb-6d39cccd 1398->1388 1399 6d39cccf-6d39cce1 1398->1399 1399->1388 1400 6d39cce3 1399->1400 1400->1388 1401->1398 1402->1398
                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39CBCA
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39CBD3
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D39CBE4
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D39CBF6
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D39CC0D
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6D39CC39
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39CC42
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6D39CC5D
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6D39CC77
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D39CCEC
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39CCFC
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39CD02
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$Destroy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3548156019-0
                                                                                                                                          • Opcode ID: 30c6509f13f8ab4cb57bef2a32998c1a669c7e6a477e197c428d999da324cdcd
                                                                                                                                          • Instruction ID: 76bbfcb819fa0fe0d2a1a6e5a43f36e500062862e47115d9b97d07b7283b5e24
                                                                                                                                          • Opcode Fuzzy Hash: 30c6509f13f8ab4cb57bef2a32998c1a669c7e6a477e197c428d999da324cdcd
                                                                                                                                          • Instruction Fuzzy Hash: 8F511175D00259AFDB00DFA4D885EEEBFB8FF49710F00816AEA15A7241D771A946CFA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          control_flow_graph 1403 6d38a350-6d38a3bd VariantInit * 3 call 6d3938e0 1406 6d38a3c3-6d38a3d6 1403->1406 1407 6d38a505-6d38a528 VariantClear * 3 1403->1407 1408 6d38a3d8-6d38a3dd 1406->1408 1409 6d38a3e0-6d38a3f7 VariantCopy 1406->1409 1410 6d38a52a-6d38a52d 1407->1410 1411 6d38a532-6d38a546 1407->1411 1408->1409 1412 6d38a3f9-6d38a3fa call 6d3ec1e0 1409->1412 1413 6d38a3ff-6d38a411 VariantClear 1409->1413 1410->1411 1412->1413 1415 6d38a41d-6d38a42b 1413->1415 1416 6d38a413-6d38a418 call 6d3ec1e0 1413->1416 1418 6d38a42d-6d38a42f 1415->1418 1419 6d38a431-6d38a433 1415->1419 1416->1415 1420 6d38a436-6d38a43a 1418->1420 1419->1420 1421 6d38a43c-6d38a43e 1420->1421 1422 6d38a440 1420->1422 1423 6d38a442-6d38a477 1421->1423 1422->1423 1439 6d38a47a call 265d171 1423->1439 1440 6d38a47a call 265d170 1423->1440 1424 6d38a47c-6d38a47e 1424->1407 1425 6d38a484-6d38a493 1424->1425 1426 6d38a49f-6d38a4b0 1425->1426 1427 6d38a495-6d38a49a call 6d3ec1e0 1425->1427 1429 6d38a4b2-6d38a4b4 1426->1429 1430 6d38a4b6-6d38a4b8 1426->1430 1427->1426 1431 6d38a4bb-6d38a4bf 1429->1431 1430->1431 1432 6d38a4c1-6d38a4c3 1431->1432 1433 6d38a4c5 1431->1433 1434 6d38a4c7-6d38a503 1432->1434 1433->1434 1434->1407 1436 6d38a549-6d38a578 VariantClear * 3 1434->1436 1437 6d38a57a-6d38a57f 1436->1437 1438 6d38a582-6d38a596 1436->1438 1437->1438 1439->1424 1440->1424
                                                                                                                                          APIs
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$Clear$Init$Copy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3214764494-0
                                                                                                                                          • Opcode ID: de2409d914e7e7e4907f333d91f7b193e959b05088488af699f037403529bb33
                                                                                                                                          • Instruction ID: 81ca8e10a1b48c917420944445680efb86e2f668b12776800c55c7a592f78bd5
                                                                                                                                          • Opcode Fuzzy Hash: de2409d914e7e7e4907f333d91f7b193e959b05088488af699f037403529bb33
                                                                                                                                          • Instruction Fuzzy Hash: 577114726083459FD700DF69C880E5AB7E8BF89710F008A6DFA99DB391D731E905CB62
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          [Control-flow graph figure; legend: Executed, Not Executed]
                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39CD5C
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39CD65
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39CD6B
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D39CD76
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D39CDAA
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39CDB7
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D39D2A5
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39D2B5
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39D2BB
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39D2C1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2515392200-0
                                                                                                                                          • Opcode ID: 6d0ecfa79d9d92df4f23d353c107cb06d4c987ae6dfbb212b89c4c296d0a0ec5
                                                                                                                                          • Instruction ID: 00fe9603fb5f0e66b6dc694669a989658ed7e7d35d55e343237c7b40e20f3d51
                                                                                                                                          • Opcode Fuzzy Hash: 6d0ecfa79d9d92df4f23d353c107cb06d4c987ae6dfbb212b89c4c296d0a0ec5
                                                                                                                                          • Instruction Fuzzy Hash: 2612F575A15706AFC718DB98DD84DAAB3B9BF8C300F14466CF50A9BB91DA30F841CB50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          [Control-flow graph figure; legend: Executed, Not Executed]
                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32 ref: 6D3966DB
                                                                                                                                          • VariantInit.OLEAUT32 ref: 6D3966EA
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D396700
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D39673A
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D396747
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D396787
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D396794
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D396849
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39685A
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D396861
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$ArrayClearSafe$ElementInit$CreateDestroyVector
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 551789342-0
                                                                                                                                          • Opcode ID: 93580004b23659c911a95ca67401bedfb71348a3f442beab41636534b8db5fed
                                                                                                                                          • Instruction ID: 2e075a76dc485ef73b14b950157c35271a09ef85e5d552bc9adf0253418b18ed
                                                                                                                                          • Opcode Fuzzy Hash: 93580004b23659c911a95ca67401bedfb71348a3f442beab41636534b8db5fed
                                                                                                                                          • Instruction Fuzzy Hash: 50514676109206AFC700DF64C944B9BBBF9EFC9714F018A59F9559B250EB30E905CBE2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          [Control-flow graph figure; legend: Executed, Not Executed]
                                                                                                                                          APIs
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6D396C8B
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6D396CA6
                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6D396CC7
                                                                                                                                            • Part of subcall function 6D395760: std::tr1::_Xweak.LIBCPMT ref: 6D395769
                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D396CF9
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D396F13
                                                                                                                                          • InterlockedCompareExchange.KERNEL32(6D41C6A4,45524548,4B4F4F4C), ref: 6D396F34
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                                                                                                                          • String ID: .:m$ .:m
                                                                                                                                          • API String ID: 2722669376-2155318909
                                                                                                                                          • Opcode ID: 6f2cc23ba35b4965f813dd576b4e2606693643b611470b2793dff8abf491a88b
                                                                                                                                          • Instruction ID: 0cc2705cd9fbcff5c7ac0f411a979b0ccf0ea58df824a3282f360de2b87e0494
                                                                                                                                          • Opcode Fuzzy Hash: 6f2cc23ba35b4965f813dd576b4e2606693643b611470b2793dff8abf491a88b
                                                                                                                                          • Instruction Fuzzy Hash: D1D103B1A052059FDB10CFA4C891BAEB7F8FF44304F158469E656AB285E775ED00CBE1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D3984BF
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D3984D2
                                                                                                                                          • SafeArrayGetElement.OLEAUT32 ref: 6D39850A
                                                                                                                                            • Part of subcall function 6D393A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D393B71
                                                                                                                                            • Part of subcall function 6D393A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D393B83
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D396A08
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D396A15
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D396A41
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                            • Part of subcall function 6D38DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D38DFF6
                                                                                                                                            • Part of subcall function 6D38DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D38E003
                                                                                                                                            • Part of subcall function 6D38DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D38E02F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 959723449-0
                                                                                                                                          • Opcode ID: bcae0ef143eb87f014faad798323e5f55b46cb0d008f8e4365cda0c7262e3114
                                                                                                                                          • Instruction ID: 2319b52941a5edca7f319310ca8cf5e9986dd8fd31bc086b602c6301177d44b8
                                                                                                                                          • Opcode Fuzzy Hash: bcae0ef143eb87f014faad798323e5f55b46cb0d008f8e4365cda0c7262e3114
                                                                                                                                          • Instruction Fuzzy Hash: D1C18070A052059FDB10CF68CD90FADB7B9AF89304F148198EA59EF286EB71ED40CB50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D3941AF
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D3941B5
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D3941C0
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D3941F5
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D394201
                                                                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6D394450
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39446D
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39447D
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D394483
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1774866819-0
                                                                                                                                          • Opcode ID: 892af7b4d0546336777b3f6504b6998960b940373395e7c460325ea391729ed5
                                                                                                                                          • Instruction ID: fe71526419a83cf9b607fdc78f4875fabfa0225c69b9133a3af80ec0f659866a
                                                                                                                                          • Opcode Fuzzy Hash: 892af7b4d0546336777b3f6504b6998960b940373395e7c460325ea391729ed5
                                                                                                                                          • Instruction Fuzzy Hash: 1FB11775600609AFCB14DF98C884EBAB7F9BF8D310F15856CE50AAB791DA35F841CB60
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39C56F
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39C575
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D39C580
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D39C5B5
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39C5C1
                                                                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6D39C7D4
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39C7F1
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39C801
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39C807
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1774866819-0
                                                                                                                                          • Opcode ID: f6f5a1e6edb974231a0729208b295653dd195762658d3bb478a68302cd2f76ee
                                                                                                                                          • Instruction ID: 64988619b6d67adfe4badb3fda37dbc60eaf021811e072e89062edcfd11e044e
                                                                                                                                          • Opcode Fuzzy Hash: f6f5a1e6edb974231a0729208b295653dd195762658d3bb478a68302cd2f76ee
                                                                                                                                          • Instruction Fuzzy Hash: 03A13975600609AFCB14DF98C884EBAB7F9BF8D310F158569E506AB790D734B941CB60
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D3968B2
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D3968BD
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D3968D7
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D3968FD
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D396909
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D396923
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D396981
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39699E
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D3969A4
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$ArraySafe$Clear$ElementInit$CreateDestroyVector
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3529038988-0
                                                                                                                                          • Opcode ID: 46f551ab444f0613f46bd55804ef9ac6733d9a38e7cb458ba56d34a2ed6c55ad
                                                                                                                                          • Instruction ID: bf3dd606471e24a419c58b236a3c4a30087e76ec1475cdc4a90986862937ada8
                                                                                                                                          • Opcode Fuzzy Hash: 46f551ab444f0613f46bd55804ef9ac6733d9a38e7cb458ba56d34a2ed6c55ad
                                                                                                                                          • Instruction Fuzzy Hash: DD4151B2901219AFDB00DFA9D884FEEBBB8FF99314F14411AE505A7340E775A905CBE0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D38DB5E
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D38DB6E
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D38DB82
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D38DBF1
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D38DBFB
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Variant$ClearCreateDestroyElementInitVector
                                                                                                                                          • String ID: 9K9m$19m
                                                                                                                                          • API String ID: 182531043-784816483
                                                                                                                                          • Opcode ID: 523c97f3d62ff99a1509c4171bb9ba79ff364b8d501b21d0a900de20b4c53745
                                                                                                                                          • Instruction ID: 84cbc6464eb8e0b18e8d0a3ab84bb80dcb896de98f0663205fc3dd9969351817
                                                                                                                                          • Opcode Fuzzy Hash: 523c97f3d62ff99a1509c4171bb9ba79ff364b8d501b21d0a900de20b4c53745
                                                                                                                                          • Instruction Fuzzy Hash: 39318F76A00209AFDB01DF54D944FEEBBF8EF8A720F11815AE911A7340D735A801CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$ClearInit
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2610073882-0
                                                                                                                                          • Opcode ID: 075b0a98a32d21cc37c8ba562ff00f27796f8dd159b9cfae5edc5bfecf8f934a
                                                                                                                                          • Instruction ID: a8c531f8d645c5879d3727806314179226ad2ac6e3a3d35abfc5c8b4b4b2c555
                                                                                                                                          • Opcode Fuzzy Hash: 075b0a98a32d21cc37c8ba562ff00f27796f8dd159b9cfae5edc5bfecf8f934a
                                                                                                                                          • Instruction Fuzzy Hash: 4AC134716087019FC300DF68C88096AFBE9FFC9704F248A4DE5989B266D775E845CB92
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6D381B53
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D381B5D
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D381C43
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D381C58
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8ThrowXinvalid_argumentXweak_mallocstd::_std::exception::exceptionstd::tr1::_
                                                                                                                                          • String ID: 0B?m$invalid vector<T> subscript
                                                                                                                                          • API String ID: 3098024973-2473421748
                                                                                                                                          • Opcode ID: bea234776d4712feb67da7aefb54686a1076a8a897bba07d436731ec7d217c4d
                                                                                                                                          • Instruction ID: d7bbb850a16d0f8e508f36f7eb54c568a9d285a0e8069f82c1574ba09874c2dd
                                                                                                                                          • Opcode Fuzzy Hash: bea234776d4712feb67da7aefb54686a1076a8a897bba07d436731ec7d217c4d
                                                                                                                                          • Instruction Fuzzy Hash: A2222BB5C007099FCB24CFA4C4809EEBBF5BF44314F118A6DD55AAB351E774AA88CB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3A2206
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A2221
                                                                                                                                            • Part of subcall function 6D3A6480: __CxxThrowException@8.LIBCMT ref: 6D3A6518
                                                                                                                                            • Part of subcall function 6D3A6480: __CxxThrowException@8.LIBCMT ref: 6D3A6558
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw$_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m$@-:m .:m$ILProtector$lQ?m
                                                                                                                                          • API String ID: 84431791-1351054668
                                                                                                                                          • Opcode ID: 1c27b104990d20c72b24be4c1dc6ebd71137bf4feff759a1ebdaec955d245ef9
                                                                                                                                          • Instruction ID: 6903f8b452f7f17648a5b29b782a350229877b6679d732064d0c0b3b010224c9
                                                                                                                                          • Opcode Fuzzy Hash: 1c27b104990d20c72b24be4c1dc6ebd71137bf4feff759a1ebdaec955d245ef9
                                                                                                                                          • Instruction Fuzzy Hash: 23712A75909259DFCB24CFA8C984BEEBBB4EB49304F1481A9E559A7340DB306A44CF91
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                            • Part of subcall function 6D3D9D66: __FF_MSGBANNER.LIBCMT ref: 6D3D9D7F
                                                                                                                                            • Part of subcall function 6D3D9D66: __NMSG_WRITE.LIBCMT ref: 6D3D9D86
                                                                                                                                            • Part of subcall function 6D3D9D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6D3D9BD4,6D371290,2D641B6B), ref: 6D3D9DAB
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3D9C04
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3D9C1E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D9C2F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                                                                                          • String ID: 0B?m$Q8m
                                                                                                                                          • API String ID: 615853336-2336870343
                                                                                                                                          • Opcode ID: ced833ceb4d2e5172fbbaa6a91e34d88e100feb1c61d88bdb53e0b80519aef4b
                                                                                                                                          • Instruction ID: a76486c2cc9ff40d6442f5a5a647f5f574f0395439acf6c7d3938f61e0d98f13
                                                                                                                                          • Opcode Fuzzy Hash: ced833ceb4d2e5172fbbaa6a91e34d88e100feb1c61d88bdb53e0b80519aef4b
                                                                                                                                          • Instruction Fuzzy Hash: 19F0F43341410EAADF80EF64CD26F7D7AB8AB46718F014028E95092281DBB18A028E71
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6D386C73
                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,<l8m), ref: 6D386C87
                                                                                                                                          • _memmove.LIBCMT ref: 6D386C9A
                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D386CA3
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Data$AccessCreateUnaccessVector_memmove
                                                                                                                                          • String ID: <l8m
                                                                                                                                          • API String ID: 3147195435-4276620127
                                                                                                                                          • Opcode ID: 8d267de1abfd8d393992b7ee17bcd1e7f03f2e23c0d8c2cc809172d55fa15f94
                                                                                                                                          • Instruction ID: b9f64ba64550c2dd1cf888c8d55d03efc00b1eb5e34dfca502b59e497f1206a7
                                                                                                                                          • Opcode Fuzzy Hash: 8d267de1abfd8d393992b7ee17bcd1e7f03f2e23c0d8c2cc809172d55fa15f94
                                                                                                                                          • Instruction Fuzzy Hash: 32F0FE76214218BBEB106F51DC89F977BBCEF9A765F008115FA188A241E770D500DBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: T@12
                                                                                                                                          • String ID: a0
                                                                                                                                          • API String ID: 456891419-3188653782
                                                                                                                                          • Opcode ID: b72965f0e17d4c8323ab68e6e828acae9e0f5b438acce1c86f15fe99fb9f6787
                                                                                                                                          • Instruction ID: 7d7d2b360a6e96d91c8e8e4d0740725404926c82b9f8da6737a8bc0a26083ea7
                                                                                                                                          • Opcode Fuzzy Hash: b72965f0e17d4c8323ab68e6e828acae9e0f5b438acce1c86f15fe99fb9f6787
                                                                                                                                          • Instruction Fuzzy Hash: 7311A2B2D0421769DBA09A778E4DF7FBABCAF91794F01C434A561E2240D739C900CEA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3A4042
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A4059
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C04
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C1E
                                                                                                                                            • Part of subcall function 6D3D9BB5: __CxxThrowException@8.LIBCMT ref: 6D3D9C2F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8Throw$Copy_strExceptionRaise_mallocstd::exception::_
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2813683038-3383511498
                                                                                                                                          • Opcode ID: faebd317191b1d64e19ca4b0be6e93c97f772bee2615df9509fbac559f591e68
                                                                                                                                          • Instruction ID: 2b0ccee21bd91adaa22db00a0f79af900d80a635172f38247cd07c30f1971653
                                                                                                                                          • Opcode Fuzzy Hash: faebd317191b1d64e19ca4b0be6e93c97f772bee2615df9509fbac559f591e68
                                                                                                                                          • Instruction Fuzzy Hash: 6391B1B29083049FD701CF99C845B6AFBF8FF94344F15896AE5599B290E7B1D900CFA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D386466
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38647D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: d90e19523bb029c6237b6a43cf44f30aaa833411a9d2a1d7f8d0132b12a66c0d
                                                                                                                                          • Instruction ID: efd07eafce8a71f36cdc6ed3e27cf07a31acf8e10ca6757c65643c93794a9121
                                                                                                                                          • Opcode Fuzzy Hash: d90e19523bb029c6237b6a43cf44f30aaa833411a9d2a1d7f8d0132b12a66c0d
                                                                                                                                          • Instruction Fuzzy Hash: 41518BF28183409FD740CF58D881A5ABBE4FB85744F51892EFA998B391D7B1D904CBA3
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D39D3E8
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39D3FF
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          • Opcode ID: f1b6bbc921e63be00132e0960a6a38038a7b6581254d890557e3cba050c4578b
                                                                                                                                          • Instruction ID: 9fd9b0b1858f76a467cbf6dc8433b75bf7453098be3d51b8c9a0600214cdd78e
                                                                                                                                          • Opcode Fuzzy Hash: f1b6bbc921e63be00132e0960a6a38038a7b6581254d890557e3cba050c4578b
                                                                                                                                          • Instruction Fuzzy Hash: 3F314B715087059FC704CF28D8819AAB7F4FF89714F508A6EF5958B350E731EA06CB92
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3A27FA
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A280F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          • Opcode ID: ed08b3ba96b82cf86441c15d6b30ff9b760edfbd3320950abdbca43de97f9582
                                                                                                                                          • Instruction ID: 4604ea0813ada120dc0da39aa539976532325c266ee68f757ed25c772a8cfe9f
                                                                                                                                          • Opcode Fuzzy Hash: ed08b3ba96b82cf86441c15d6b30ff9b760edfbd3320950abdbca43de97f9582
                                                                                                                                          • Instruction Fuzzy Hash: C50181B99042099FC748CF58DA508BAB7F5FF98300B15C5ADC92A47751EB32AA01CBA5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6D38913B
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6D38915C
                                                                                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 6D389170
                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 6D389191
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                          • Opcode ID: b1cd765f41f3c5e960da6d66ed7bb6310ce21855683219bd6422ca2006937438
                                                                                                                                          • Instruction ID: 2d21c4d0b2bdd6c40b83dbb00cd0213c720e8f2427da4c6107c66dc2c4e1fbc7
                                                                                                                                          • Opcode Fuzzy Hash: b1cd765f41f3c5e960da6d66ed7bb6310ce21855683219bd6422ca2006937438
                                                                                                                                          • Instruction Fuzzy Hash: D341517690020AEFCB04DF95D9859EEFBB4FF88310B11855ED916AB301D731AA05CBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32 ref: 6D388E89
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,00000000), ref: 6D388EAD
                                                                                                                                          • _memset.LIBCMT ref: 6D388ED2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$EnterLeave_memset
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3751686142-0
                                                                                                                                          • Opcode ID: 453c237f6bc1d25fa92b3dcc304f2de28f3aa1ff8a6e7cadf3c5e54c46916123
                                                                                                                                          • Instruction ID: 5101997f9ddee5b176d6b541e9b543fdf7bd355631dde85bb63c3e55d1bdd206
                                                                                                                                          • Opcode Fuzzy Hash: 453c237f6bc1d25fa92b3dcc304f2de28f3aa1ff8a6e7cadf3c5e54c46916123
                                                                                                                                          • Instruction Fuzzy Hash: 76517CB5A00205AFC748CF58E890F6AB7B6FF89304F10C158EA5A8B382C731ED55CB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6D38D949
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6D38D96C
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D38D9CF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$CreateDestroyElementVector
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3149346722-0
                                                                                                                                          • Opcode ID: f8aa324a986cb00dd5cf92a02eb05073f3afa46e21b88cf2e47bce41af6ed26d
                                                                                                                                          • Instruction ID: 32709e2f49fcd4de222729d94229bbc7f0c58d0f3fe79ea6820ed9dd87281c9c
                                                                                                                                          • Opcode Fuzzy Hash: f8aa324a986cb00dd5cf92a02eb05073f3afa46e21b88cf2e47bce41af6ed26d
                                                                                                                                          • Instruction Fuzzy Hash: 21217F35600219AFEB11CF99DC84FAB77B8EF8A750F10809AE945DB245D771DD01CBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D39DB2D
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D39DB45
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D39DBA2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$CreateDestroyElementVector
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3149346722-0
                                                                                                                                          • Opcode ID: 0ef79bd2c3195743efeaed4aee656d3f237703e06ab4d9b211d535c7b41c95e2
                                                                                                                                          • Instruction ID: f77419bfe7944dbbf9e29837198b84af8fbe3628b67f31d68b79565adc46556f
                                                                                                                                          • Opcode Fuzzy Hash: 0ef79bd2c3195743efeaed4aee656d3f237703e06ab4d9b211d535c7b41c95e2
                                                                                                                                          • Instruction Fuzzy Hash: 0F11BF75641209AFD700DF69D889FAABBF8FF5E310F048199E908DB341E770A800CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _malloc
                                                                                                                                          • String ID: |@m
                                                                                                                                          • API String ID: 1579825452-3422988631
                                                                                                                                          • Opcode ID: 9147bae4a7051b62f8b11721dc83ec08aedc959c0d8fdbade32ec8b21b41ba8d
                                                                                                                                          • Instruction ID: 900852a2ab40006de9c9da4bf1f347d5f04ad4f6bf3a1adf548cebcdb6b7d7b2
                                                                                                                                          • Opcode Fuzzy Hash: 9147bae4a7051b62f8b11721dc83ec08aedc959c0d8fdbade32ec8b21b41ba8d
                                                                                                                                          • Instruction Fuzzy Hash: B48196F19093418FE7119FA4C89672AB7E4BB41304F16897DD399AF291E7B1C8448B63
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D38BE2D
                                                                                                                                          • IsBadReadPtr.KERNEL32(00000000,00000008,?,?,?), ref: 6D38BE6D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroyReadSafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 616443815-0
                                                                                                                                          • Opcode ID: 483966fdad52376d702c620f47d7a134d9fa66928fab77e17d696ba91d66ef61
                                                                                                                                          • Instruction ID: 23cb74ba8a309e7f82fadc45fea25e158f746acff9fda6bf085bc3f24a79ab07
                                                                                                                                          • Opcode Fuzzy Hash: 483966fdad52376d702c620f47d7a134d9fa66928fab77e17d696ba91d66ef61
                                                                                                                                          • Instruction Fuzzy Hash: 6471E272D086975FDB218F74C881679FBB1AB4A224F18839CD9E59B2D7C332E442CB51
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,00000000,6D388C13,?,6D388CD3,?,6D388C13,00000000,?,?,6D388C13,?,?), ref: 6D388D73
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,6D388CD3,?,6D388C13,00000000,?,?,6D388C13,?,?), ref: 6D388D8C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,6D386890,?), ref: 6D388BDD
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 6D388C23
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 04DFC35F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateProcess
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 963392458-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 04DFC35F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateProcess
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 963392458-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04DFC885
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: MemoryProcessWrite
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3559483778-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04DFC885
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: MemoryProcessWrite
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3559483778-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04DFC73C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04DFC73C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3A2820: _malloc.LIBCMT ref: 6D3A2871
                                                                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6D3871D2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Xweak_mallocstd::tr1::_
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4085767713-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 04DFC61B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ContextThreadWow64
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 983334009-0
                                                                                                                                          • Opcode ID: 27cf8050d130faa5274b7257a3842083a56c7bbd3dfeb89dc5491750158df7c0
                                                                                                                                          • Instruction ID: 04c2dca9bdac2fcb556d975ecf81ae6114fc3949834854133f6f3e04507ba366
                                                                                                                                          • Opcode Fuzzy Hash: 27cf8050d130faa5274b7257a3842083a56c7bbd3dfeb89dc5491750158df7c0
                                                                                                                                          • Instruction Fuzzy Hash: E831A8B5D052589FCB10CFA9E584AAEBBF0BB49310F24902AE418B7310D374AA45CB64
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 04DFC61B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ContextThreadWow64
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 983334009-0
                                                                                                                                          • Opcode ID: c057287b86dc4dc404c02eaf31cd7db2ab8407004ef801fb67bba62356cafdd4
                                                                                                                                          • Instruction ID: 28076bdd79b6c1181333f62838f23a7f7071b00b6b4144841c13880a547c233f
                                                                                                                                          • Opcode Fuzzy Hash: c057287b86dc4dc404c02eaf31cd7db2ab8407004ef801fb67bba62356cafdd4
                                                                                                                                          • Instruction Fuzzy Hash: BE3199B5D052589FCB10CFA9E984AAEFBF0BB49710F24902AE418B7310D774A944CF64
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • ResumeThread.KERNELBASE(?), ref: 04DFC9DD
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ResumeThread
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 947044025-0
                                                                                                                                          • Opcode ID: b9850ee0ff63b1c0483ab12b4d803a122a437407d9ffd0338d6cc51c8592dadd
                                                                                                                                          • Instruction ID: b85cce57f6ae18bd9433e75cf0aa1dbeac45fa8557c84d544777a56ace028dec
                                                                                                                                          • Opcode Fuzzy Hash: b9850ee0ff63b1c0483ab12b4d803a122a437407d9ffd0338d6cc51c8592dadd
                                                                                                                                          • Instruction Fuzzy Hash: 9E31B8B5D012189FCB10CFA9D984A9EFBB4BB49324F10902AE918B7310D775A941CF64
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • ResumeThread.KERNELBASE(?), ref: 04DFC9DD
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ResumeThread
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 947044025-0
                                                                                                                                          • Opcode ID: 696a2028da8149d93f6b736045bb337c2a653d7ca3e09b5f9cdde222adc1a4d8
                                                                                                                                          • Instruction ID: bfbd819d62ee80c07b3cad079737bd7ec2ad9fa91ea482b1d50487f7561f6ffd
                                                                                                                                          • Opcode Fuzzy Hash: 696a2028da8149d93f6b736045bb337c2a653d7ca3e09b5f9cdde222adc1a4d8
                                                                                                                                          • Instruction Fuzzy Hash: 8E31A7B5D012189FCB10CFA9E984A9EFBF4BB49320F10902AE918B7310D775A900CF64
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • SysAllocString.OLEAUT32 ref: 6D39EA8D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocString_malloc
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 959018026-0
                                                                                                                                          • Opcode ID: 386a28968e02b65f8ffb0ef76edd4bc760fc99095fc69cd776d4600a65007851
                                                                                                                                          • Instruction ID: 467b2ea5d19d901b43754205f1df2b3d55981ec2a83b191dec2c630607e1ac38
                                                                                                                                          • Opcode Fuzzy Hash: 386a28968e02b65f8ffb0ef76edd4bc760fc99095fc69cd776d4600a65007851
                                                                                                                                          • Instruction Fuzzy Hash: 940184B1805755EFE711CF54C901B6AB7B8FB05B64F11431AE865EB390E7B59900CAD0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 6D3DE8DC
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: H_prolog3_catch_malloc
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 529455676-0
                                                                                                                                          • Opcode ID: 18e5b0f1ed9bd9ad8ea22b893a254599b7a581bced3d642919e9e47fdbd93065
                                                                                                                                          • Instruction ID: c06f2a8bab233bafe0e6a25fa05cf83ae836b738f2aff9a0fd7398a726d90519
                                                                                                                                          • Opcode Fuzzy Hash: 18e5b0f1ed9bd9ad8ea22b893a254599b7a581bced3d642919e9e47fdbd93065
                                                                                                                                          • Instruction Fuzzy Hash: 32D05B3352C2089BCB819BD49405B5D7BA46B45359F518055E244B6180DAB14A108B76
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • ___security_init_cookie.LIBCMT ref: 6D3DA510
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ___security_init_cookie
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3657697845-0
                                                                                                                                          • Opcode ID: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
                                                                                                                                          • Instruction ID: 646b8a82de1c0199df6648e68d4e33af4e68d1f5f6fa1f8eec0a9c9799445ddb
                                                                                                                                          • Opcode Fuzzy Hash: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
                                                                                                                                          • Instruction Fuzzy Hash: C0C09B771083489FCB44CF10F440C5E3725AF54224711D125FD98067519B319571ED54
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: 0u
                                                                                                                                          • API String ID: 0-3203441087
                                                                                                                                          • Opcode ID: e9eb7fbcaeebd89349c07d5cebfca37fffef95c047959bcdc1d9d9c6667c90bd
                                                                                                                                          • Instruction ID: 8a5b258b12bd574b6eb0c3d5131f4f7d290acd021bacfd57efd44c64fcbf5adf
                                                                                                                                          • Opcode Fuzzy Hash: e9eb7fbcaeebd89349c07d5cebfca37fffef95c047959bcdc1d9d9c6667c90bd
                                                                                                                                          • Instruction Fuzzy Hash: B7318D78D45248CFCB06CFA4E4886EEBBB9EF89304F04A569C409E7250DB385A95CF90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d11d13386ed3fd1905a42ce9878277137fa6b7315b5c4fd91d075b7175fb5026
                                                                                                                                          • Instruction ID: 9c9698ec8a60d970a9f590e0f8905303ad662f4b4c0802a585076dc761674627
                                                                                                                                          • Opcode Fuzzy Hash: d11d13386ed3fd1905a42ce9878277137fa6b7315b5c4fd91d075b7175fb5026
                                                                                                                                          • Instruction Fuzzy Hash: DF41A078E00209CFDB04DFE8D984AAEBBB6FF88310F149519E509A7355DA34A942CF90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4fe3bf4488ed803435f6608796579f9230f64b244ef27876d8a3551cdc0d3809
                                                                                                                                          • Instruction ID: 769e13fe84b312ba2cc695a5fd354ecc7aec992d37546987814d4e1362c7f5f5
                                                                                                                                          • Opcode Fuzzy Hash: 4fe3bf4488ed803435f6608796579f9230f64b244ef27876d8a3551cdc0d3809
                                                                                                                                          • Instruction Fuzzy Hash: F241CFB8D0521CDBDB05CFAAE5846EEBBF6BF88318F14952AE419E7200D7705A41CF91
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 98a78ba8d071f81c0efcbad190a7ddb2298a37b6e9dd9c7873241eda751487f8
                                                                                                                                          • Instruction ID: 97d4e8e379d8b0a56c8350f4b65e43ad003a6356bea91a11b4af422e8d477df4
                                                                                                                                          • Opcode Fuzzy Hash: 98a78ba8d071f81c0efcbad190a7ddb2298a37b6e9dd9c7873241eda751487f8
                                                                                                                                          • Instruction Fuzzy Hash: 0A214B38E00218DBDB08EBB4D8687EEBAB6EF8C310F105529D445A7294DF355C41CBA5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091540223.000000000266D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0266D000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_266d000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 239a38d0b31d10cd443272d89f9c45b182b2e05dd13406802d8f1943b68bd43b
                                                                                                                                          • Instruction ID: 33609b4230f320ae1441c0a989f24e9f89e40c3f5b42218bc7578f159a75698c
                                                                                                                                          • Opcode Fuzzy Hash: 239a38d0b31d10cd443272d89f9c45b182b2e05dd13406802d8f1943b68bd43b
                                                                                                                                          • Instruction Fuzzy Hash: 8F213772608240EFDB04DF14D9C4B36BB65FB88314F24826DE9094B346C336D806CBA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 47715dd0ab4102e5dd55f39f0e15145317602d53000da549cd64b2e9f7abb481
                                                                                                                                          • Instruction ID: a3bf5f8afd95760beb2518863e0cb14329e2d560905ddfc6ce7b4b722e8f0a1a
                                                                                                                                          • Opcode Fuzzy Hash: 47715dd0ab4102e5dd55f39f0e15145317602d53000da549cd64b2e9f7abb481
                                                                                                                                          • Instruction Fuzzy Hash: E321C234A04208AFE745AB74CC18BAE7BB6EBC5740F108569E905EB280CB345D55CB94
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091540223.000000000266D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0266D000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_266d000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 57119446c5b9999b1fa7715fbceed3b1b8bdbbf9a7465207ca2f250b16e4d827
                                                                                                                                          • Instruction ID: 621d57410f14434d2afc209dd06a8c2643b7b703be5e3ec9ddf53df7f33221fe
                                                                                                                                          • Opcode Fuzzy Hash: 57119446c5b9999b1fa7715fbceed3b1b8bdbbf9a7465207ca2f250b16e4d827
                                                                                                                                          • Instruction Fuzzy Hash: 512146B2608344EFDB04DF14D9C8B3ABB65FB84324F24C569E9090B356C376D406CBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091540223.000000000266D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0266D000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_266d000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e215ee5c29dfc3dd9618996d6188aaaadbbc74bea188bc2231b9cc3cd6670480
                                                                                                                                          • Instruction ID: 33688f3c976b9537a3beccd346b8df2f5dd495e8308ffaa7bef4dd8d9a8bd46f
                                                                                                                                          • Opcode Fuzzy Hash: e215ee5c29dfc3dd9618996d6188aaaadbbc74bea188bc2231b9cc3cd6670480
                                                                                                                                          • Instruction Fuzzy Hash: ED2101B1604240EFDB18DF14D9C8B3ABB65EB84328F20C56DD80A0B751C73AE846CAA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f51db6873216ef0c923560d0d31b908bd2491585d2833d1c1eb5e6c70ce644b3
                                                                                                                                          • Instruction ID: c40794a6be3bc0b25cf196aa5c399c38cb3f4d1751fb1aba8fe5d08ada27d6fd
                                                                                                                                          • Opcode Fuzzy Hash: f51db6873216ef0c923560d0d31b908bd2491585d2833d1c1eb5e6c70ce644b3
                                                                                                                                          • Instruction Fuzzy Hash: 0521CDB8E0121CDBCF05CFA9D880AEDBBB5BB89314F10842AE505B7354DB749940CFA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2100229242.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 74712f3e7aca81fde5aa4f9918a9250b3f8809f18120c9aa5e287f701153f39a
                                                                                                                                          • Instruction ID: 90f2849c31783389234d8aab7936f9dabca183fc5d5e2251e9957f1e5b809bc8
                                                                                                                                          • Opcode Fuzzy Hash: 74712f3e7aca81fde5aa4f9918a9250b3f8809f18120c9aa5e287f701153f39a
                                                                                                                                          • Instruction Fuzzy Hash: E0119370B00215AFDB18EB68E854A6EB7ABEF84710F11445DF906AB391CEB0AD054BA5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d7c1992afbb5a5deaaa6cbf46075eafe35fe5cc27b8f779b9f111d823cbe27a7
                                                                                                                                          • Instruction ID: b495cc349d66904d81ec8c2654bbe3be83a23b274ae34c49386ada2604f1cba3
                                                                                                                                          • Opcode Fuzzy Hash: d7c1992afbb5a5deaaa6cbf46075eafe35fe5cc27b8f779b9f111d823cbe27a7
                                                                                                                                          • Instruction Fuzzy Hash: 2F218378E0121ACFCB01CFA8D984AEDBBB1FB89304F005A6AC405F7241DB75A945CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2100229242.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fb2f51e2dcca47d7089d9c709d2e651af7d1af0737b0c3c3f060aeef6bfdadff
                                                                                                                                          • Instruction ID: 07befd578d943573b173c5b45836828c1058937d52d78369ff8aeb2391d52f07
                                                                                                                                          • Opcode Fuzzy Hash: fb2f51e2dcca47d7089d9c709d2e651af7d1af0737b0c3c3f060aeef6bfdadff
                                                                                                                                          • Instruction Fuzzy Hash: B611D330B001585BEB14EBB9945477FBBE6EF88744F1001ADD606AB380CE716D1587E6
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 939deec4455b3e30f8cadfcb21a50b0132cda4b0e248986ca256d34fd6904b77
                                                                                                                                          • Instruction ID: 6752ff58fc80f303172c3fd30123b2cd70ccdeb5adf028597aaed75c81b106e7
                                                                                                                                          • Opcode Fuzzy Hash: 939deec4455b3e30f8cadfcb21a50b0132cda4b0e248986ca256d34fd6904b77
                                                                                                                                          • Instruction Fuzzy Hash: 06113738E4521ACBCB05CFA8D944AEEBBF9FB89304F105A29D505F7350DB75A944CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2100229242.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 24072835c1f52647691fe3e3a4f1376eb9d0f288aaa7bc36a9f0f4c884158f2f
                                                                                                                                          • Instruction ID: b51185c829f6e3d6a300a5ed618596eded7b46078767bca24c0a153cb4003bc8
                                                                                                                                          • Opcode Fuzzy Hash: 24072835c1f52647691fe3e3a4f1376eb9d0f288aaa7bc36a9f0f4c884158f2f
                                                                                                                                          • Instruction Fuzzy Hash: C9118F317052404FD705DB78D86492A7FF5EF8A61530640EEE609DB3B2DA61EC058B61
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091540223.000000000266D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0266D000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_266d000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091540223.000000000266D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0266D000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_266d000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091540223.000000000266D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0266D000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_266d000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2100229242.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091489930.000000000265D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0265D000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_265d000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091489930.000000000265D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0265D000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_265d000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 95a936659093255e0714aedc796140b439b0e16c2f7ab513d2b5125c880d6d89
                                                                                                                                          • Instruction ID: e0d8d1182a9c55f99d63b7c435fe25955d3358c671989b402b4b22689b0f2c63
                                                                                                                                          • Opcode Fuzzy Hash: 95a936659093255e0714aedc796140b439b0e16c2f7ab513d2b5125c880d6d89
                                                                                                                                          • Instruction Fuzzy Hash: 3DD0A9688982D48AE3226A60F00E3283ED8130131CF882D86C09980382C7F813E0CAE2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6fac323971957c19fc7c7f5168c6fbdb7ff37ba3db0a8b66cbe6e8ec7ea876b3
                                                                                                                                          • Instruction ID: 05c7c0afb8f0480002eab77c27ef60e566b58d8e0a456860b14dda87c923a5c2
                                                                                                                                          • Opcode Fuzzy Hash: 6fac323971957c19fc7c7f5168c6fbdb7ff37ba3db0a8b66cbe6e8ec7ea876b3
                                                                                                                                          • Instruction Fuzzy Hash: 44C04C294C164847D35577DCB50C729729C6741706F401550D54D414514BA454A4C5F6
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f3c9564e8e9f122e20b782091fbc7efac85e9c061bdac7789fd38c1010e1cf84
                                                                                                                                          • Instruction ID: 8fa5106f8e31398f1ffad0ac38f2b2ab15e0132b64eab3cfad6b2a5a8ba2b161
                                                                                                                                          • Opcode Fuzzy Hash: f3c9564e8e9f122e20b782091fbc7efac85e9c061bdac7789fd38c1010e1cf84
                                                                                                                                          • Instruction Fuzzy Hash: 7AB012354C17888BE7256BD4B80D73CB7AC674630AFC82A14D58D414508FF0D4F0DAE6
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D392DFF
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D392E08
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D392E7E
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D392EB5
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D392EC1
                                                                                                                                            • Part of subcall function 6D39C850: VariantInit.OLEAUT32(?), ref: 6D39C88F
                                                                                                                                            • Part of subcall function 6D39C850: VariantInit.OLEAUT32(?), ref: 6D39C895
                                                                                                                                            • Part of subcall function 6D39C850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D39C8A0
                                                                                                                                            • Part of subcall function 6D39C850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D39C8D5
                                                                                                                                            • Part of subcall function 6D39C850: VariantClear.OLEAUT32(?), ref: 6D39C8E1
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D3930D5
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D393550
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D393563
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D393569
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2012514194-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • CorBindToRuntimeEx.MSCOREE(v2.0.50727,wks,00000000,6D400634,6D400738,?), ref: 6D38A119
                                                                                                                                          • GetModuleHandleW.KERNEL32(mscorwks), ref: 6D38A145
                                                                                                                                          • __cftoe.LIBCMT ref: 6D38A1FB
                                                                                                                                          • GetModuleHandleW.KERNEL32(?), ref: 6D38A215
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,00000018), ref: 6D38A265
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: HandleModule$AddressBindProcRuntime__cftoe
                                                                                                                                          • String ID: mscorwks$v2.0.50727$wks
                                                                                                                                          • API String ID: 1312202379-2066655427
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,2D641B6B,6D3F8180,00000000,?), ref: 6D3CDBFB
                                                                                                                                          • GetLastError.KERNEL32 ref: 6D3CDC01
                                                                                                                                          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000008), ref: 6D3CDC15
                                                                                                                                          • CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000028), ref: 6D3CDC26
                                                                                                                                          • SetLastError.KERNEL32(00000000), ref: 6D3CDC2D
                                                                                                                                            • Part of subcall function 6D3CD9D0: GetLastError.KERNEL32(00000010,2D641B6B,75B4FC30,?,00000000), ref: 6D3CDA1A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3CDC78
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AcquireContextCryptErrorLast$ExceptionException@8RaiseThrow
                                                                                                                                          • String ID: CryptAcquireContext$Crypto++ RNG
                                                                                                                                          • API String ID: 3279666080-1159690233
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D24A1
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3D248C
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m$0B?m
                                                                                                                                          • API String ID: 757275642-2506672065
                                                                                                                                          • Opcode ID: bb88c3cf5b1a6baba40fb3c82d0b22d715835402345ab5bc48c704fc764ed17b
                                                                                                                                          • Instruction ID: 7980843df650fa4e4d26e082079e04e27a738a1ad9d6033a5690d39738b895dd
                                                                                                                                          • Opcode Fuzzy Hash: bb88c3cf5b1a6baba40fb3c82d0b22d715835402345ab5bc48c704fc764ed17b
                                                                                                                                          • Instruction Fuzzy Hash: E632C67AA046068FDB94CF98C5919AEB7B6FF89704F14812CE5169B354E731ED01CFA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memmove
                                                                                                                                          • String ID: ty?m
                                                                                                                                          • API String ID: 4104443479-4125396177
                                                                                                                                          • Opcode ID: 63249ad61b46ce5daf02384262851c482d42fb0df655959b654710f81365263c
                                                                                                                                          • Instruction ID: 97e8dbe74aa43b7678b3e1db988eef8aa4e36c965e95acdbadd36d56af39ff3d
                                                                                                                                          • Opcode Fuzzy Hash: 63249ad61b46ce5daf02384262851c482d42fb0df655959b654710f81365263c
                                                                                                                                          • Instruction Fuzzy Hash: 685226B02046598FC718CF2AC891A36BBF2EFCA311754865ED4D68B396D334F956CB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 6D3DCE6C
                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6D3DCE81
                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(6D3F9428), ref: 6D3DCE8C
                                                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 6D3DCEA8
                                                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 6D3DCEAF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2579439406-0
                                                                                                                                          • Opcode ID: 6f5202a349f277292c363d35cb6f7d322aaee77a36e8efb4bca3b0316369355a
                                                                                                                                          • Instruction ID: 96f9ba2b2bebf7c4fa66dc2d4d8c1c5a35c835a5efa266e6e72b019642a6363f
                                                                                                                                          • Opcode Fuzzy Hash: 6f5202a349f277292c363d35cb6f7d322aaee77a36e8efb4bca3b0316369355a
                                                                                                                                          • Instruction Fuzzy Hash: DA21FFB5815208EFDB51EF68DA46B647BB4FB4B384F10401AE52987B40E7B09D888F19
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: bf3a256879a23997ea71356c38a51ba9c8724e20df3df4122f0024fab2a4cd02
                                                                                                                                          • Instruction ID: ae2a2fe72d6bce6c3d90fa56a0a079f4f5c187f97d6696c2b0043cb896da173c
                                                                                                                                          • Opcode Fuzzy Hash: bf3a256879a23997ea71356c38a51ba9c8724e20df3df4122f0024fab2a4cd02
                                                                                                                                          • Instruction Fuzzy Hash: 730267704183568FC744DB6AC8A163ABBF1EBCB211F42095EE6F6573A1C334E958CB61
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memmove
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4104443479-0
                                                                                                                                          • Opcode ID: 3e4644a89dca348821538117cdcdc29ec02568f718c8d0a8812ef294fcd805fa
                                                                                                                                          • Instruction ID: 7c0640a01645db0e64bd4a55f8c05688d9d30e92addc49bb4003982ca2bd9d2e
                                                                                                                                          • Opcode Fuzzy Hash: 3e4644a89dca348821538117cdcdc29ec02568f718c8d0a8812ef294fcd805fa
                                                                                                                                          • Instruction Fuzzy Hash: CDE17A754183968AC744DB6AC8A123E7FF1EBCB211F42054EE2F6573A1D334E969CB21
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3D1E1D
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D1E32
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 757275642-3383511498
                                                                                                                                          • Opcode ID: 131bbd11edca8c2c064430137d35a4241b4e9bdad72cfcc34d4f616879c0d0f8
                                                                                                                                          • Instruction ID: 47f402ebb33dcff0980b267a92a39eade7b5f44ebe390d5ca8c545dc4e9e8f20
                                                                                                                                          • Opcode Fuzzy Hash: 131bbd11edca8c2c064430137d35a4241b4e9bdad72cfcc34d4f616879c0d0f8
                                                                                                                                          • Instruction Fuzzy Hash: A932B576E046069FDB98CF98C991AAEB3BAFF88740B14811DE5169B354DB31ED00CF90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • CryptGenRandom.ADVAPI32(?,?,?,2D641B6B,00000000), ref: 6D3CDE6F
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3CDEB9
                                                                                                                                            • Part of subcall function 6D3CDD20: CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6D3EF0E6,000000FF,6D3CDF67,00000000,?), ref: 6D3CDDB4
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Crypt$ContextException@8RandomReleaseThrow
                                                                                                                                          • String ID: CryptGenRandom
                                                                                                                                          • API String ID: 1047471967-3616286655
                                                                                                                                          • Opcode ID: a23fcc48d0029bb645c8e894c696baa4b519783c1eefd4faaa892e81948c312b
                                                                                                                                          • Instruction ID: 74ca6ad1e707d269ccd44aa900086813c958663914f496e70422c655680f68c1
                                                                                                                                          • Opcode Fuzzy Hash: a23fcc48d0029bb645c8e894c696baa4b519783c1eefd4faaa892e81948c312b
                                                                                                                                          • Instruction Fuzzy Hash: D8214A715087449FD704EF24D945B6ABBF8FB8A718F008A1EF4A583380EB75E904CB96
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetLastError.KERNEL32(00000010,2D641B6B,75B4FC30,?,00000000), ref: 6D3CDA1A
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLastXinvalid_argumentstd::_
                                                                                                                                          • String ID: operation failed with error $OS_Rng:
                                                                                                                                          • API String ID: 406877150-700108173
                                                                                                                                          • Opcode ID: dcd411576e74886f21c496e19845c0421388ab9b333bc348d2858fedf74d0c7f
                                                                                                                                          • Instruction ID: 96005a1b100ace7d1fa4d7151e363ead3b16d941c6800c8535088791d26c9e90
                                                                                                                                          • Opcode Fuzzy Hash: dcd411576e74886f21c496e19845c0421388ab9b333bc348d2858fedf74d0c7f
                                                                                                                                          • Instruction Fuzzy Hash: 8F418CB290C3849FD360CF69D841B5BFBE8BB99644F118A2DF1C987241DBB5A404CB67
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2100229242.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: HERE$LOOK
                                                                                                                                          • API String ID: 0-21722391
                                                                                                                                          • Opcode ID: 26abf9dfa4a46750b9c47ad26177f89d306d12b98b3a4e054f8a8d582539bf4d
                                                                                                                                          • Instruction ID: a56e5f56048a8f19c31346bb13f955e5297ffb3e8536a9ae9f546cb4c72788d8
                                                                                                                                          • Opcode Fuzzy Hash: 26abf9dfa4a46750b9c47ad26177f89d306d12b98b3a4e054f8a8d582539bf4d
                                                                                                                                          • Instruction Fuzzy Hash: A0F1B574E452298FDB64CF69D998BDEBBF2BB48310F1086E5D909A7351DB309E808F50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f554d69228590a3d1484db1a88a70c26dbe63d6746988ccd94c69e02b999a547
                                                                                                                                          • Instruction ID: 8db66ec907af4130f10e4bc098e62cb936f63a6154e49f7db77648be893e7990
                                                                                                                                          • Opcode Fuzzy Hash: f554d69228590a3d1484db1a88a70c26dbe63d6746988ccd94c69e02b999a547
                                                                                                                                          • Instruction Fuzzy Hash: EB322531D28F554DDB239A34D832336A25DAFB73D4F11D727E82AB5E9AEB29C4835100
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D374760: __CxxThrowException@8.LIBCMT ref: 6D3747F9
                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000,00000000,?), ref: 6D3CDF7B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ContextCryptException@8ReleaseThrow
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3140249258-0
                                                                                                                                          • Opcode ID: ed992c2a22586125b61e43b1ce4a1f73a5f9879985e4c2aa5efc15e9e50be0fe
                                                                                                                                          • Instruction ID: 051962d742a6d7676052786431edf87cac216fd067ec04ed7d501713d150000d
                                                                                                                                          • Opcode Fuzzy Hash: ed992c2a22586125b61e43b1ce4a1f73a5f9879985e4c2aa5efc15e9e50be0fe
                                                                                                                                          • Instruction Fuzzy Hash: 7B21AFB650C345ABC300DF14D940B5BBBE8EB9A768F054A2DF99583381D775E908CBA3
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6D3EF0E6,000000FF,6D3CDF67,00000000,?), ref: 6D3CDDB4
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ContextCryptRelease
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 829835001-0
                                                                                                                                          • Opcode ID: d1a6e1d816064d6c82472d1f6bc210381eaf65ed9525d73452ba52965a338772
                                                                                                                                          • Instruction ID: 8d4ea6fd9d7397661c379628ee047abff97a0de0980171ae116068719940b81b
                                                                                                                                          • Opcode Fuzzy Hash: d1a6e1d816064d6c82472d1f6bc210381eaf65ed9525d73452ba52965a338772
                                                                                                                                          • Instruction Fuzzy Hash: 8E11B4B2A497519BE710DF58D88673673E8EB45A50F040529F965C3380FBB6DC048BA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6D3F35F5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ContextCryptRelease
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 829835001-0
                                                                                                                                          • Opcode ID: a60a0bd816c3a91fdce4fc66eece04c66fbb9a968979ac3791b2060d7dda8cd4
                                                                                                                                          • Instruction ID: 566f219b9acc7dddb780d597d18a5849f9ca0668e146e82fd037b7566ea3dc98
                                                                                                                                          • Opcode Fuzzy Hash: a60a0bd816c3a91fdce4fc66eece04c66fbb9a968979ac3791b2060d7dda8cd4
                                                                                                                                          • Instruction Fuzzy Hash: EDD05EB250111257EF109A68ED06B6632E85B06640F090010E554C7280DBA0E8018B65
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6D3CD803
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ContextCryptRelease
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 829835001-0
                                                                                                                                          • Opcode ID: 4d0e8f89758e2dd0460dd549edbd5841e7ad1b341bfa378731ba27c9e51e158c
                                                                                                                                          • Instruction ID: 139d301ae00cb96f62712b2c869696fd96351cf32b7e5bb4557fa5a564e255f8
                                                                                                                                          • Opcode Fuzzy Hash: 4d0e8f89758e2dd0460dd549edbd5841e7ad1b341bfa378731ba27c9e51e158c
                                                                                                                                          • Instruction Fuzzy Hash: F0D05EB1B4431622D7209A58AD06B57B7DC4F45A44F1A8829F599D2280D7B5E880C6E6
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • CryptReleaseContext.ADVAPI32(?,00000000), ref: 6D3CD7E0
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ContextCryptRelease
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 829835001-0
                                                                                                                                          • Opcode ID: dd629ad0ba3050862a1bcfeb296ef094a4e65aeb74e95098cf554e0aecbb8a8d
                                                                                                                                          • Instruction ID: 8cce9dad1873c6c8d0b4bb245997241b90dd61d729a62375c4d6532699102ccc
                                                                                                                                          • Opcode Fuzzy Hash: dd629ad0ba3050862a1bcfeb296ef094a4e65aeb74e95098cf554e0aecbb8a8d
                                                                                                                                          • Instruction Fuzzy Hash: BAB012747412077BEF3C8F21DF59B39B6299F81B05F10455C721A654808773DC03C504
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @
                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                          • Opcode ID: e04583e9a953742f6bbc6c121b11e4306feab271290981eade3df355107e1d3f
                                                                                                                                          • Instruction ID: 72fd5b9f586e00a791f67945e7ff12176ffca895bc5aaddc848f8869af3df239
                                                                                                                                          • Opcode Fuzzy Hash: e04583e9a953742f6bbc6c121b11e4306feab271290981eade3df355107e1d3f
                                                                                                                                          • Instruction Fuzzy Hash: 10914B72918B868BE702CF2DC8825BAB7A0FFD9354F149B1DFDD462201EB759944C782
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: N@
                                                                                                                                          • API String ID: 0-1509896676
                                                                                                                                          • Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                                                                                                          • Instruction ID: 2704f0ccd50c040bdff2ca13235a11b732c4361cf6847f9d95dd2c98fd034df2
                                                                                                                                          • Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                                                                                                          • Instruction Fuzzy Hash: 54616C729003268FDB18CF48C4946AEBBF2FF84354F1AC5AED8195B3A1C7B19954CB80
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @
                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                          • Opcode ID: 9ab76a4575eaecb2ecf0bb7d858c442dd890f8a81289dbf039536d43098e628d
                                                                                                                                          • Instruction ID: 6751aaf3b14853d510b4575785a3a0b78ce5ee5105d03a2b7e1acff8b94ab34e
                                                                                                                                          • Opcode Fuzzy Hash: 9ab76a4575eaecb2ecf0bb7d858c442dd890f8a81289dbf039536d43098e628d
                                                                                                                                          • Instruction Fuzzy Hash: 1C514072818B868BE712CF2DC8425BAF7A0BFD9344F209B1DFDD462601EB759954C782
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @
                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                          • Opcode ID: c7060b0531253ee02b048eb0fbce669efafd008c1a25bcfa342b3a65215327ec
                                                                                                                                          • Instruction ID: 3bb2916b4f88b9941bc16b08328097ee2b923c2999d978a3fc26d91903347477
                                                                                                                                          • Opcode Fuzzy Hash: c7060b0531253ee02b048eb0fbce669efafd008c1a25bcfa342b3a65215327ec
                                                                                                                                          • Instruction Fuzzy Hash: B8514F72818B868BE312CF2DC8425BAF7A0BFD5244F209B1DFDD462601EB759944C782
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e57defef04cdd397cd2c8daee722437a19485c34a4febab60d24264a227c0bb9
                                                                                                                                          • Instruction ID: aa74d366f6ce4f68929a12cab1b95c4886cb057314d35bff452369b36ed46ff4
                                                                                                                                          • Opcode Fuzzy Hash: e57defef04cdd397cd2c8daee722437a19485c34a4febab60d24264a227c0bb9
                                                                                                                                          • Instruction Fuzzy Hash: 755299716483058FC758CF5EC98054AF7F2BBC8718F18CA7DA599C6B21E374E9468B82
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 79c477024e71e463717b892515b73390a80f0de7856b5551fe47b4012150965c
                                                                                                                                          • Instruction ID: f58f59fd753db1d5a06673b96f9205d3f47784dbc8776f863be213912ecc1d89
                                                                                                                                          • Opcode Fuzzy Hash: 79c477024e71e463717b892515b73390a80f0de7856b5551fe47b4012150965c
                                                                                                                                          • Instruction Fuzzy Hash: AA223E71A083058FC344CF69C88064AF7E2FFC8318F59892DE598D7715E775EA4A8B92
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1511206420fbef72195d04afc1da7a55e3e6806f3d188ed21994c5ae70c16fb6
                                                                                                                                          • Instruction ID: c363bee68b7a82449377c1cee26a5c5b7f93ede90ce50505177180155bf04dd9
                                                                                                                                          • Opcode Fuzzy Hash: 1511206420fbef72195d04afc1da7a55e3e6806f3d188ed21994c5ae70c16fb6
                                                                                                                                          • Instruction Fuzzy Hash: D5023C3DA00515CFDB1ADF69C488A6DBBB2BF89754B158169E805EB375CB31EC02CB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: c32662eef60f0c471b7fdac11190f1f5451b2dd2c365e0225398f315df61cf83
                                                                                                                                          • Instruction ID: 9ded071ad59cd704732e825f270e8da77efaef640fe718d0d309e11cafb84771
                                                                                                                                          • Opcode Fuzzy Hash: c32662eef60f0c471b7fdac11190f1f5451b2dd2c365e0225398f315df61cf83
                                                                                                                                          • Instruction Fuzzy Hash: A80296717443018FC758CF6ECC8154AB7E2ABC8314F19CA7DA499C7B21E778E94A8B52
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 871697c2ff3cc1817834b082594383a31648c20c35c4d87917320d625ffb71c0
                                                                                                                                          • Instruction ID: bf22e8067906283cc96aeea942309cad79b2dd5fdac8d68c699547f23187d638
                                                                                                                                          • Opcode Fuzzy Hash: 871697c2ff3cc1817834b082594383a31648c20c35c4d87917320d625ffb71c0
                                                                                                                                          • Instruction Fuzzy Hash: 7D029F3280A2B49FDB92EF5ED8405AB73F4FF90355F438A2ADD8163241D331EA099795
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 9ed4dd07c22fc926db6187162ceb4f6c9de92f9471c57bfdad431e9e1507ebf3
                                                                                                                                          • Instruction ID: 5f0367c05d9e803403292a80ae2ee566663ed1d763c363ca41ed2b3cb0e999bd
                                                                                                                                          • Opcode Fuzzy Hash: 9ed4dd07c22fc926db6187162ceb4f6c9de92f9471c57bfdad431e9e1507ebf3
                                                                                                                                          • Instruction Fuzzy Hash: 2ED1A4716443018FC348CF1EC98164AF7E2BFD8718F19CA6DA599C7B21D379E9468B42
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 263335fcd4e577589abf5dc3c578ddccbf1a2b86da7f279aa1d7df3ccd4757f2
                                                                                                                                          • Instruction ID: d0cc3530a53363314ade3964c48b11829ca1bd202ff351bdddc6bdc758b68bc9
                                                                                                                                          • Opcode Fuzzy Hash: 263335fcd4e577589abf5dc3c578ddccbf1a2b86da7f279aa1d7df3ccd4757f2
                                                                                                                                          • Instruction Fuzzy Hash: 2A81A238F042599BDF0DAF74945467E7BB7BFC8750B08896DE406E7388CE3488428BA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2091797344.0000000002830000.00000040.00000800.00020000.00000000.sdmp, Offset: 02830000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_2830000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 519b3b72f4d0e40bab733eecf5f1683974662187ffa70974d5324fa566ddd64b
                                                                                                                                          • Instruction ID: 56d1427c87977d7993140e1e10c0388bc90a2d0c9b31cfd9f93e74a399224211
                                                                                                                                          • Opcode Fuzzy Hash: 519b3b72f4d0e40bab733eecf5f1683974662187ffa70974d5324fa566ddd64b
                                                                                                                                          • Instruction Fuzzy Hash: 78219F75704A874BE715CF2EC84059BBBA3EFD9300B1980B7E858DB242C675E866CBC0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 491a25c253d72754cd753df5ea73fe4730b8206852d94c2a89a3efade510d907
                                                                                                                                          • Instruction ID: 8879e93c983eca4db5670020fd1b10188aa487243b6386efa72963cfcb9096e9
                                                                                                                                          • Opcode Fuzzy Hash: 491a25c253d72754cd753df5ea73fe4730b8206852d94c2a89a3efade510d907
                                                                                                                                          • Instruction Fuzzy Hash: DB11E935709A830BF314CE2EE840493B797AFCD31475A85AEA454DF146CB75E456C781
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: ef0fe430f5274c6fa702dd06a168edf7b4634a1fa37fbabfcf4ba1ecb026e4e8
                                                                                                                                          • Instruction ID: 570555751d708475b2c3f5824c76541c30b80c4ed51d1900d61d4206fad40597
                                                                                                                                          • Opcode Fuzzy Hash: ef0fe430f5274c6fa702dd06a168edf7b4634a1fa37fbabfcf4ba1ecb026e4e8
                                                                                                                                          • Instruction Fuzzy Hash: 75110631A156924BD3118E2DC8406D6BF67AFCE710B0A81EAE858DF217C779D81BC7D0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d1e3bdb21ddd30718f32d80f3d6fa4ffc655cb1562579ee9b58883cfbe03df2b
                                                                                                                                          • Instruction ID: 2f23caf00a69dc2445fb3997ab9a91e68788e03b91249bec1799e3e4e7c5f474
                                                                                                                                          • Opcode Fuzzy Hash: d1e3bdb21ddd30718f32d80f3d6fa4ffc655cb1562579ee9b58883cfbe03df2b
                                                                                                                                          • Instruction Fuzzy Hash: 1921AAB5D052089FCB10CFA9D980ADEBBF0BB49720F24A06AE918B7310D775A945CF65
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2099784074.0000000004DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DF0000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_4df0000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 93ff4b5d0f533bb788f9fa4d8187d2176a9ba89f2418f9cdfbe4293bc4e41159
                                                                                                                                          • Instruction ID: 0fae1dcbcc0db250fe785346274c4ba229d51fb04689c8b98ee2fbfa2c2067f4
                                                                                                                                          • Opcode Fuzzy Hash: 93ff4b5d0f533bb788f9fa4d8187d2176a9ba89f2418f9cdfbe4293bc4e41159
                                                                                                                                          • Instruction Fuzzy Hash: F621AAB5D052088FCB10CFA9D980ADEFBF4BB49720F24A01AE918B3310D775A905CF65
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 768b70b48d66ffd582c75e3e7b14c388656c50ff2718858b88114b46d8041580
                                                                                                                                          • Instruction ID: 65d3eaf22e121978a620f4192bda41194e75653ad5c643824a4eff146a933c34
                                                                                                                                          • Opcode Fuzzy Hash: 768b70b48d66ffd582c75e3e7b14c388656c50ff2718858b88114b46d8041580
                                                                                                                                          • Instruction Fuzzy Hash: 7B115E72908649EFCB14CF59D841BAAFBF5FB44720F10863EE81993B80D735A900CB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

APIs
• operator+.LIBCMT ref: 6D3E6FCC
  • Part of subcall function 6D3E4147: DName::DName.LIBCMT ref: 6D3E415A
  • Part of subcall function 6D3E4147: DName::operator+.LIBCMT ref: 6D3E4161
Memory Dump Source
• Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
Similarity
• API ID: NameName::Name::operator+operator+
• String ID:
• API String ID: 2937105810-0
APIs
• GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,6D3DA2D4,6D4095C0,00000008,6D3DA468,?,?,?,6D4095E0,0000000C,6D3DA523,?), ref: 6D3DECA5
• __mtterm.LIBCMT ref: 6D3DECB1
  • Part of subcall function 6D3DE97C: DecodePointer.KERNEL32(00000012,6D3DA397,6D3DA37D,6D4095C0,00000008,6D3DA468,?,?,?,6D4095E0,0000000C,6D3DA523,?), ref: 6D3DE98D
  • Part of subcall function 6D3DE97C: TlsFree.KERNEL32(0000000C,6D3DA397,6D3DA37D,6D4095C0,00000008,6D3DA468,?,?,?,6D4095E0,0000000C,6D3DA523,?), ref: 6D3DE9A7
  • Part of subcall function 6D3DE97C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6D3DA397,6D3DA37D,6D4095C0,00000008,6D3DA468,?,?,?,6D4095E0,0000000C,6D3DA523,?), ref: 6D3E2325
  • Part of subcall function 6D3DE97C: DeleteCriticalSection.KERNEL32(0000000C,?,?,6D3DA397,6D3DA37D,6D4095C0,00000008,6D3DA468,?,?,?,6D4095E0,0000000C,6D3DA523,?), ref: 6D3E234F
• GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6D3DECC7
• GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6D3DECD4
• GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6D3DECE1
• GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6D3DECEE
• TlsAlloc.KERNEL32(?,?,6D3DA2D4,6D4095C0,00000008,6D3DA468,?,?,?,6D4095E0,0000000C,6D3DA523,?), ref: 6D3DED3E
• TlsSetValue.KERNEL32(00000000,?,?,6D3DA2D4,6D4095C0,00000008,6D3DA468,?,?,?,6D4095E0,0000000C,6D3DA523,?), ref: 6D3DED59
• __init_pointers.LIBCMT ref: 6D3DED63
• EncodePointer.KERNEL32(?,?,6D3DA2D4,6D4095C0,00000008,6D3DA468,?,?,?,6D4095E0,0000000C,6D3DA523,?), ref: 6D3DED74
• EncodePointer.KERNEL32(?,?,6D3DA2D4,6D4095C0,00000008,6D3DA468,?,?,?,6D4095E0,0000000C,6D3DA523,?), ref: 6D3DED81
• EncodePointer.KERNEL32(?,?,6D3DA2D4,6D4095C0,00000008,6D3DA468,?,?,?,6D4095E0,0000000C,6D3DA523,?), ref: 6D3DED8E
• EncodePointer.KERNEL32(?,?,6D3DA2D4,6D4095C0,00000008,6D3DA468,?,?,?,6D4095E0,0000000C,6D3DA523,?), ref: 6D3DED9B
• DecodePointer.KERNEL32(Function_0006EB00,?,?,6D3DA2D4,6D4095C0,00000008,6D3DA468,?,?,?,6D4095E0,0000000C,6D3DA523,?), ref: 6D3DEDBC
• __calloc_crt.LIBCMT ref: 6D3DEDD1
• DecodePointer.KERNEL32(00000000,?,?,6D3DA2D4,6D4095C0,00000008,6D3DA468,?,?,?,6D4095E0,0000000C,6D3DA523,?), ref: 6D3DEDEB
• GetCurrentThreadId.KERNEL32 ref: 6D3DEDFD
Strings
Memory Dump Source
• Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                                          • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memmove$Xinvalid_argumentstd::_
                                                                                                                                          • String ID: invalid string position$string too long
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • UnDecorator::getBasicDataType.LIBCMT ref: 6D3E7FFF
                                                                                                                                          • DName::operator=.LIBCMT ref: 6D3E8013
                                                                                                                                          • DName::operator+=.LIBCMT ref: 6D3E8021
                                                                                                                                          • UnDecorator::getPtrRefType.LIBCMT ref: 6D3E804D
                                                                                                                                          • UnDecorator::getDataIndirectType.LIBCMT ref: 6D3E80CA
                                                                                                                                          • UnDecorator::getBasicDataType.LIBCMT ref: 6D3E80D3
                                                                                                                                          • operator+.LIBCMT ref: 6D3E8166
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Decorator::getType$Data$Basic$IndirectName::operator+=Name::operator=operator+
                                                                                                                                          • String ID: PX>m$std::nullptr_t$volatile
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D395177
                                                                                                                                            • Part of subcall function 6D3A2820: _malloc.LIBCMT ref: 6D3A2871
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000004), ref: 6D3951B9
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6D3951D5
                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,00000000), ref: 6D3951E5
                                                                                                                                          • _memmove.LIBCMT ref: 6D3951FF
                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D395208
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D39522C
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6D395263
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39526C
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6D3952AD
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D3952B6
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,00000002), ref: 6D3952D2
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D39534E
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D395358
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$ElementVariant$Clear$CreateDataVector$AccessDestroyInitUnaccess_malloc_memmove
                                                                                                                                          • String ID:
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(6D3F05A8), ref: 6D3949EE
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D3949F7
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D3949FD
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D394A08
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D394A39
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D394A45
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D394B66
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D394B76
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D394B7C
                                                                                                                                          • VariantClear.OLEAUT32(6D3F05A8), ref: 6D394B82
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                                                                          • String ID: 19m$19m
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D394BDC
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D394BE5
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D394BEB
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D394BF6
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6D394C2A
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D394C37
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D395107
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D395117
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39511D
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D395123
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                                                                          • String ID: 29m
                                                                                                                                          • API String ID: 2515392200-1176777015
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D38FA0F
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D38FA22
                                                                                                                                          • SafeArrayGetElement.OLEAUT32 ref: 6D38FA5A
                                                                                                                                            • Part of subcall function 6D393A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D393B71
                                                                                                                                            • Part of subcall function 6D393A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D393B83
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D396A08
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D396A15
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D396A41
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                            • Part of subcall function 6D38DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D38DFF6
                                                                                                                                            • Part of subcall function 6D38DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D38E003
                                                                                                                                            • Part of subcall function 6D38DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D38E02F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Bound$Destroy$Element
                                                                                                                                          • String ID: RS7m$RS{m
                                                                                                                                          • API String ID: 959723449-144615663
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$Init$Clear$Copy
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3833040332-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39D8EC
                                                                                                                                          • VariantInit.OLEAUT32 ref: 6D39D902
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39D90D
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6D39D929
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6D39D966
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39D973
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6D39D9B4
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39D9C1
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39DA6F
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39DA80
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39DA87
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39DA99
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1625659656-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • UnmapViewOfFile.KERNEL32(00000000,?,?,00000000,2D641B6B), ref: 6D37FC98
                                                                                                                                          • CloseHandle.KERNEL32(FFFFFFFF,?,?,00000000,2D641B6B), ref: 6D37FCAD
                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,00000000,2D641B6B), ref: 6D37FCB7
                                                                                                                                          • SetLastError.KERNEL32(00000000,?,?,00000000,2D641B6B), ref: 6D37FCBA
                                                                                                                                          • CreateFileW.KERNEL32(?,-00000001,00000001,00000000,00000003,00000000,00000000,?,?,00000000,2D641B6B), ref: 6D37FD01
                                                                                                                                          • GetFileSizeEx.KERNEL32(00000000,?,?,?,00000000,2D641B6B), ref: 6D37FD14
                                                                                                                                          • GetLastError.KERNEL32(?,?,00000000,2D641B6B), ref: 6D37FD2A
                                                                                                                                          • CreateFileMappingW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00000000,2D641B6B), ref: 6D37FD6B
                                                                                                                                          • MapViewOfFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,?,00000000,2D641B6B), ref: 6D37FD98
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$CloseCreateErrorHandleLastView$MappingSizeUnmap
                                                                                                                                          • String ID: .#v
                                                                                                                                          • API String ID: 1303881157-507759092
                                                                                                                                          • Opcode ID: d03f37a19323d84e97de6498a2c0532e6303c9b6fc6eb54de02a1121fc9c9dd9
                                                                                                                                          • Instruction ID: 160601ddf80fdd4bd69047feb24c3dec27c3b54c583078a3fd4a7aff696b0060
                                                                                                                                          • Opcode Fuzzy Hash: d03f37a19323d84e97de6498a2c0532e6303c9b6fc6eb54de02a1121fc9c9dd9
                                                                                                                                          • Instruction Fuzzy Hash: 8D51F6B5604703ABDB208F34D885B6677A8FB8D320F1586A9ED15CF2C5D779D801CBA8
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                                          • String ID: invalid string position$string too long
                                                                                                                                          • API String ID: 2168136238-4289949731
                                                                                                                                          • Opcode ID: acc5a057c8fc7f0b644bf94b6a8f93cb250122445cde8d4384f04a74df67975b
                                                                                                                                          • Instruction ID: 0bda46efdc2f8d029ad519fe530b362202f10a34b575958d58914324f44121b5
                                                                                                                                          • Opcode Fuzzy Hash: acc5a057c8fc7f0b644bf94b6a8f93cb250122445cde8d4384f04a74df67975b
                                                                                                                                          • Instruction Fuzzy Hash: 4341E9323146049FD724CE6CECD0AAEB3AAEB85354724492EE5A1C7B42D7B1EC45C7B1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D375ACB
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D375ABC
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D375AE0
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D375B18
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D375B2D
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw$std::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                                                                                                                          • String ID: 0B?m$0B?m$0B?m$0B?m
                                                                                                                                          • API String ID: 921928366-595128632
                                                                                                                                          • Opcode ID: 377815d2b7771b578aa1d18c97833452c19eb701d81bf6d8c44d99635b04fe9d
                                                                                                                                          • Instruction ID: 8481f661dd35eea50241dcd7a9e62e05fdf7936c2a84169f8b19fd7e1b014cf7
                                                                                                                                          • Opcode Fuzzy Hash: 377815d2b7771b578aa1d18c97833452c19eb701d81bf6d8c44d99635b04fe9d
                                                                                                                                          • Instruction Fuzzy Hash: 2F0129B6C14208ABDB44DFE4D955DEE77B8AF28344F01C169EA49A7100EB71AA04CFB5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39480C
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D394815
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39481B
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D394826
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,000000FF,?), ref: 6D39485B
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D394868
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D394974
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D394984
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39498A
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D394990
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2515392200-0
                                                                                                                                          • Opcode ID: d49b21dfc74449283a0d9bb38d088b9b253fc6682730dc04c09306ffa7d72ce2
                                                                                                                                          • Instruction ID: 73d91c0908a0e439f17d35895e4d67e9c351753a3f9fd5291d40af97ecb4b205
                                                                                                                                          • Opcode Fuzzy Hash: d49b21dfc74449283a0d9bb38d088b9b253fc6682730dc04c09306ffa7d72ce2
                                                                                                                                          • Instruction Fuzzy Hash: 30515C7290425AAFDB04DFA8CD80EAEB7B9FF89310F14456DE615EB640D731A905CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D38DD00
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000003), ref: 6D38DD10
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,6D392FFF,?), ref: 6D38DD47
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D38DD4F
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,6D392FFF,?), ref: 6D38DD6D
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6D38DDA4
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D38DDAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D38DE16
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D38DE27
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D38DE31
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Variant$ClearElement$Destroy$CreateInitVector
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3525949229-0
                                                                                                                                          • Opcode ID: af3e2657b0ffc3f70ac7c58a2f822db364ed348a60fd070cbe13285d5dfa7a53
                                                                                                                                          • Instruction ID: be7e013cd08f584bc3a0b860b45ddbf4a2b59b009649ff3d77f2bfcd2f8c648f
                                                                                                                                          • Opcode Fuzzy Hash: af3e2657b0ffc3f70ac7c58a2f822db364ed348a60fd070cbe13285d5dfa7a53
                                                                                                                                          • Instruction Fuzzy Hash: 9D514E75900609AFDB00DFA5D884FEEBBB8FF9D700F05811AEA1597351DB35A905CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6D38E29B
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6D38E2B6
                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6D38E2D7
                                                                                                                                            • Part of subcall function 6D395760: std::tr1::_Xweak.LIBCPMT ref: 6D395769
                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D38E309
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D38E523
                                                                                                                                          • InterlockedCompareExchange.KERNEL32(6D41C6A4,45524548,4B4F4F4C), ref: 6D38E544
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
                                                                                                                                          • String ID: .:m$ .:m
                                                                                                                                          • API String ID: 2722669376-2155318909
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D3AC213
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                          • String ID: gfff$gfff$gfff$gfff$gfff$gfff$vector<T> too long
                                                                                                                                          • API String ID: 1823113695-1254974138
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                                          • String ID: invalid string position$string too long
                                                                                                                                          • API String ID: 2168136238-4289949731
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D3D42DD
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D4363
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D4381
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D43E6
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D4453
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D4474
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                          • String ID: lg=m$vector<T> too long
                                                                                                                                          • API String ID: 4034224661-4142542155
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetModuleHandleW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6D3A1C5E
                                                                                                                                          • LoadLibraryW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6D3A1C69
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,F1F2E532), ref: 6D3A1CA2
                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 6D3A1CC1
                                                                                                                                          • LoadLibraryW.KERNEL32(kernel32.dll,?,00000000), ref: 6D3A1CCC
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,EFF3E52B), ref: 6D3A1D0A
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                          • String ID: User32.dll$kernel32.dll
                                                                                                                                          • API String ID: 310444273-1965990335
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D39C180
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,I79m,?), ref: 6D39C1B8
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39C1C4
                                                                                                                                          • VariantCopy.OLEAUT32(I79m,?), ref: 6D39C21B
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39C22F
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(00000000), ref: 6D39C23E
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafeVariant$Clear$CopyCreateDestroyElementVector
                                                                                                                                          • String ID: I79m$I79m
                                                                                                                                          • API String ID: 3979206172-1549793962
                                                                                                                                          • Opcode ID: 175861bd6f002b73e4a0c884e29ce35c1727b16916877366f68710cb2875abd3
                                                                                                                                          • Instruction ID: 5cbea7ab2e43b32930b0c6628b394a4eb4673b2317c24fbbb32e9eefd54436f8
                                                                                                                                          • Opcode Fuzzy Hash: 175861bd6f002b73e4a0c884e29ce35c1727b16916877366f68710cb2875abd3
                                                                                                                                          • Instruction Fuzzy Hash: B4313C75A04209AFDB04DFA9D895FAEBBB8EF4D700F108529E916D7350EB35E901CB60
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D375ACB
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D375AE0
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D375B18
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D375B2D
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throwstd::exception::exception$_malloc
                                                                                                                                          • String ID: 0B?m$0B?m$0B?m$0B?m
                                                                                                                                          • API String ID: 3153320871-595128632
                                                                                                                                          • Opcode ID: d4bc4a1678a45901c2db30ecb604fac16ba694a7c107e32c61f9ed6488a8bba1
                                                                                                                                          • Instruction ID: 4409abc3dec78899dd006f668a99d35cdcdb9516027355d10ab85a74905283d4
                                                                                                                                          • Opcode Fuzzy Hash: d4bc4a1678a45901c2db30ecb604fac16ba694a7c107e32c61f9ed6488a8bba1
                                                                                                                                          • Instruction Fuzzy Hash: 8D31B5B2904608ABC714DF98D8419AAF7F8FF58754F00C22EE95597740E770A904CBE5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,6D3F11FD,000000FF,?,6D388B80,00000000,?,00000000,?,6D388C13,?,?), ref: 6D387415
                                                                                                                                          • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000,6D3F11FD,000000FF,?,6D388B80,00000000,?,00000000,?,6D388C13,?,?), ref: 6D38741B
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D38743D
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D387452
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D387461
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D387476
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C04
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C1E
                                                                                                                                            • Part of subcall function 6D3D9BB5: __CxxThrowException@8.LIBCMT ref: 6D3D9C2F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8Throw$CriticalInitializeSection$_malloc
                                                                                                                                          • String ID: 0B?m$0B?m
                                                                                                                                          • API String ID: 189561132-2506672065
                                                                                                                                          • Opcode ID: 544a1e2ad74b20ccf72e23a187384cbf9d3b013bbd935d5f69f78acca36c6fb2
                                                                                                                                          • Instruction ID: 1c398b7c0c7a965a623f7e1a95247d1f51bd0c4e9550a095e5276ccaeade12d8
                                                                                                                                          • Opcode Fuzzy Hash: 544a1e2ad74b20ccf72e23a187384cbf9d3b013bbd935d5f69f78acca36c6fb2
                                                                                                                                          • Instruction Fuzzy Hash: 8D319AB29046489FC750CF59C880AAAFBF4FF58300B45856EE946C7B01E331E500CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • UnDecorator::getArgumentList.LIBCMT ref: 6D3E442E
                                                                                                                                            • Part of subcall function 6D3E3FC9: Replicator::operator[].LIBCMT ref: 6D3E404C
                                                                                                                                            • Part of subcall function 6D3E3FC9: DName::operator+=.LIBCMT ref: 6D3E4054
                                                                                                                                          • DName::operator+.LIBCMT ref: 6D3E4487
                                                                                                                                          • DName::DName.LIBCMT ref: 6D3E44DF
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                                                                                                                          • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                                          • API String ID: 834187326-2211150622
                                                                                                                                          • Opcode ID: 2799db1a940834f735ec9cfc8288d341afe8c95df03181beda185bee51dfd21d
                                                                                                                                          • Instruction ID: 136ab987a0f07e645dd37e40a7c7355cbc8a6a252d1b4f5b1aa64f6b98d05b72
                                                                                                                                          • Opcode Fuzzy Hash: 2799db1a940834f735ec9cfc8288d341afe8c95df03181beda185bee51dfd21d
                                                                                                                                          • Instruction Fuzzy Hash: FD217FB5304119AFCB01DF58C842A79BBF4AB8E389F0482A6E955CB29AC731D907CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • UnDecorator::UScore.LIBCMT ref: 6D3E5D40
                                                                                                                                          • DName::DName.LIBCMT ref: 6D3E5D4C
                                                                                                                                            • Part of subcall function 6D3E3B3B: DName::doPchar.LIBCMT ref: 6D3E3B6C
                                                                                                                                          • UnDecorator::getScopedName.LIBCMT ref: 6D3E5D8B
                                                                                                                                          • DName::operator+=.LIBCMT ref: 6D3E5D95
                                                                                                                                          • DName::operator+=.LIBCMT ref: 6D3E5DA4
                                                                                                                                          • DName::operator+=.LIBCMT ref: 6D3E5DB0
                                                                                                                                          • DName::operator+=.LIBCMT ref: 6D3E5DBD
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                                                                                                          • String ID: void
                                                                                                                                          • API String ID: 1480779885-3531332078
                                                                                                                                          • Opcode ID: 4e0c4b3c34ac7c5dcdb808e1817014fb04eea37e6347bfe604668e892884f566
                                                                                                                                          • Instruction ID: ae49320f83dbf541c33e4d3e8cd39db4c3f6131606092b3fce21a4918c2879c6
                                                                                                                                          • Opcode Fuzzy Hash: 4e0c4b3c34ac7c5dcdb808e1817014fb04eea37e6347bfe604668e892884f566
                                                                                                                                          • Instruction Fuzzy Hash: CC11E571505258AFD705DB68C889BBEBBB0AF01386F01809AD596AB2E1DB70DA46CB50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39C88F
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39C895
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6D39C8A0
                                                                                                                                          • SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6D39C8D5
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39C8E1
                                                                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6D39CB1C
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39CB39
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39CB49
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39CB4F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1774866819-0
                                                                                                                                          • Opcode ID: 568787877ecafa2eb5ee88d44387734aefa5eadac762ccf6b1a64f3ca52c884c
                                                                                                                                          • Instruction ID: 55c63ab3f1c07d086eb77f33f44a9f601205c1eac4468756b1495a0a30168482
                                                                                                                                          • Opcode Fuzzy Hash: 568787877ecafa2eb5ee88d44387734aefa5eadac762ccf6b1a64f3ca52c884c
                                                                                                                                          • Instruction Fuzzy Hash: 01B13975600609AFCB14DF98C884EBAB7F9BF8D310F15856CE606AB791D634F841CB60
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D393F7B
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D393F8D
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D393FB7
                                                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D393FD0
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D3940C9
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D394105
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D394123
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D394157
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D394168
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$ArrayClearSafe$Bound$DestroyElementInit
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 758290628-0
                                                                                                                                          • Opcode ID: 9e6d2d6d4cd038e5cbfa805a5db9d3c9458463b23dfd50ad48ded5b5c316329e
                                                                                                                                          • Instruction ID: 60a1140b9d2ce4aecc3b4aea161bcdc07f2757ab0e16193103370626d0d68e3e
                                                                                                                                          • Opcode Fuzzy Hash: 9e6d2d6d4cd038e5cbfa805a5db9d3c9458463b23dfd50ad48ded5b5c316329e
                                                                                                                                          • Instruction Fuzzy Hash: E4716A761083469FC700DF68C8C5A6BBBF8BB9D304F104A2DF6A58B250E731E945CB56
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                                          • String ID: invalid string position$string too long
                                                                                                                                          • API String ID: 2168136238-4289949731
                                                                                                                                          • Opcode ID: 8ceedbe9ae7e5afd89bc969d36a3d474e0b9d493387547114f51c4a771928298
                                                                                                                                          • Instruction ID: 8402a9fab31404b460faf5018d56ef89e08dcc30c0a77b26ab0fb6db231b1087
                                                                                                                                          • Opcode Fuzzy Hash: 8ceedbe9ae7e5afd89bc969d36a3d474e0b9d493387547114f51c4a771928298
                                                                                                                                          • Instruction Fuzzy Hash: 3641C8323142109BD324CE1CE880F6EF3EAEB99714B26492FE1D9C7691DF61DC858761
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID: RSDi
                                                                                                                                          • API String ID: 4225690600-559181253
                                                                                                                                          • Opcode ID: 85967beae5496d3beaa705ff0ce3f5ec1a0fcb8c60a2f5ba086fa407546ca966
                                                                                                                                          • Instruction ID: f173d320b8240ffeffe75af98ae9c7bacce211daae21ccfb50324ce13cb4f65a
                                                                                                                                          • Opcode Fuzzy Hash: 85967beae5496d3beaa705ff0ce3f5ec1a0fcb8c60a2f5ba086fa407546ca966
                                                                                                                                          • Instruction Fuzzy Hash: A3412E74A01A059FDB10DFA9C980E6AB7FAAF89300F608599E519DB355EB32E841CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID: RSUa
                                                                                                                                          • API String ID: 4225690600-2086061799
                                                                                                                                          • Opcode ID: e010e64a17df7b107089e940bec9e0c1a692c902bc4c6cd4d560f56bef680535
                                                                                                                                          • Instruction ID: e0b0fa3941028a0ab903e88f8afc7b75aab6319e155ddae66529345ac676cc2f
                                                                                                                                          • Opcode Fuzzy Hash: e010e64a17df7b107089e940bec9e0c1a692c902bc4c6cd4d560f56bef680535
                                                                                                                                          • Instruction Fuzzy Hash: 12316D74E00A099FDB10CF69CD81B6EB7B9AF89300F608596E518EB251D771DD81CF90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID: RSa
                                                                                                                                          • API String ID: 4225690600-3169278968
                                                                                                                                          • Opcode ID: 9f17464ff754cf82c9fa08e02b995a11b4b81c4466cdb3a48d42d35d07ec8db6
                                                                                                                                          • Instruction ID: d7b94bd5331669b19774f60548061497be2a37be43e5feae6008e1264814d353
                                                                                                                                          • Opcode Fuzzy Hash: 9f17464ff754cf82c9fa08e02b995a11b4b81c4466cdb3a48d42d35d07ec8db6
                                                                                                                                          • Instruction Fuzzy Hash: 75315C74A006099FDB10DF69CD81B6EB7B9AF89300F608596E518EB242D771D941CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID: RSqb
                                                                                                                                          • API String ID: 4225690600-347567867
                                                                                                                                          • Opcode ID: fddd7b7b9b3f0d0f7dd56f8c24b7fb8a055523ab4127c6581e99fb0ce6501dab
                                                                                                                                          • Instruction ID: 9b9be81cf13a2a43971ce039000ffcc79134378a80b9759bfdd42b6fe96270d8
                                                                                                                                          • Opcode Fuzzy Hash: fddd7b7b9b3f0d0f7dd56f8c24b7fb8a055523ab4127c6581e99fb0ce6501dab
                                                                                                                                          • Instruction Fuzzy Hash: 75315C74A00A099FCB10DF69CD81B6EB7B9AF89300F608596E518EB241EB75D941CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID: RS:h
                                                                                                                                          • API String ID: 4225690600-3891202347
                                                                                                                                          • Opcode ID: 157c73c6938508f31821877082efc83f16c10a949be4736735eeae97eb3c2c5e
                                                                                                                                          • Instruction ID: d28561c8c58ddac269a420041cb5ba49f44bd1eeef2537e2f270b26abfbfca25
                                                                                                                                          • Opcode Fuzzy Hash: 157c73c6938508f31821877082efc83f16c10a949be4736735eeae97eb3c2c5e
                                                                                                                                          • Instruction Fuzzy Hash: DD318D74E00A099FDB10CF69CD80B6EB7B9AF89300F608596E518EB256D771DD41CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID: RS3g
                                                                                                                                          • API String ID: 4225690600-2794631155
                                                                                                                                          • Opcode ID: 6e531bc78b79866cb32e1113666eca0c1ffa35633755aee615d1a2d8d111ffa5
                                                                                                                                          • Instruction ID: 78be6fee2568146b7e183c93fe337d6a8279fac42345da856823d28190353f2d
                                                                                                                                          • Opcode Fuzzy Hash: 6e531bc78b79866cb32e1113666eca0c1ffa35633755aee615d1a2d8d111ffa5
                                                                                                                                          • Instruction Fuzzy Hash: 78315C74A00A099FDB10CFA9CD81B6EB7F9AF89300F608696E558EB251DB71D941CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • _rand.LIBCMT ref: 6D386DEA
                                                                                                                                            • Part of subcall function 6D3D9E0C: __getptd.LIBCMT ref: 6D3D9E0C
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D386E17
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D386E2C
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D386E3B
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D386E50
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C04
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C1E
                                                                                                                                            • Part of subcall function 6D3D9BB5: __CxxThrowException@8.LIBCMT ref: 6D3D9C2F
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8Throw$__getptd_malloc_rand
                                                                                                                                          • String ID: 0B?m$0B?m
                                                                                                                                          • API String ID: 2791304714-2506672065
                                                                                                                                          • Opcode ID: 8f37b37da77bd846fcd1110d1533beb73ff581a7049e7d0bdd69dc4c19b7adaa
                                                                                                                                          • Instruction ID: 1cdb5d195eacebb013cb8705697d41606f515ea1670117ca03682e076c9f9bf3
                                                                                                                                          • Opcode Fuzzy Hash: 8f37b37da77bd846fcd1110d1533beb73ff581a7049e7d0bdd69dc4c19b7adaa
                                                                                                                                          • Instruction Fuzzy Hash: 243126B29047489FC750CF68C980A9AFBF4FB18314F45896ED89A97B41D771E604CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • type_info::operator!=.LIBCMT ref: 6D3CC7EB
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: type_info::operator!=
                                                                                                                                          • String ID: ModPrime1PrivateExponent$ModPrime2PrivateExponent$MultiplicativeInverseOfPrime2ModPrime1$Prime1$Prime2$PrivateExponent
                                                                                                                                          • API String ID: 2241493438-339133643
                                                                                                                                          • Opcode ID: 99e6ee0aa8d99abe953ee5070b25d44d45a6bb2d9f98c8fc178da12545ae4456
                                                                                                                                          • Instruction ID: f1f5e392f5610f71daf77d5de1e1349b121180a3754eb39e46d60728fe56d2a4
                                                                                                                                          • Opcode Fuzzy Hash: 99e6ee0aa8d99abe953ee5070b25d44d45a6bb2d9f98c8fc178da12545ae4456
                                                                                                                                          • Instruction Fuzzy Hash: E9317071A183448FC7009F78C94955ABBF1AFD6208F018A6EF5849B361EB70DC48CB97
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID: RS%e
                                                                                                                                          • API String ID: 4225690600-1409579784
                                                                                                                                          • Opcode ID: f51caef5b290681f88daf16c0c23bef3e901145508a9bf8f4de6c6b70319b03a
                                                                                                                                          • Instruction ID: 039e63f573b76e7f5f32962d9099685fd60395ca3e4732ca6c5507f229ea4014
                                                                                                                                          • Opcode Fuzzy Hash: f51caef5b290681f88daf16c0c23bef3e901145508a9bf8f4de6c6b70319b03a
                                                                                                                                          • Instruction Fuzzy Hash: 0D316F75E00A189FDB10CFA9CD81BADB7B9AF85300F60859AE558EB242D775DD40CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$ClearInit
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2610073882-0
                                                                                                                                          • Opcode ID: be03ab8ff7b972d3c77303da491b229e75e556e61995adc0c19ba1100697056f
                                                                                                                                          • Instruction ID: c39980ed34b4ced038d0b066f0f9143c3892b596f2ad9a87de11c6b2a58ce011
                                                                                                                                          • Opcode Fuzzy Hash: be03ab8ff7b972d3c77303da491b229e75e556e61995adc0c19ba1100697056f
                                                                                                                                          • Instruction Fuzzy Hash: B5C126716087019FC701DF68C880E2AB7FABFC8304F248A5DE595CB2A6D775E845CB92
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D389DEB
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D389DFB
                                                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D389E29
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D389F25
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D389FE5
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                                                                                                                          • String ID: @
                                                                                                                                          • API String ID: 3214203402-2766056989
                                                                                                                                          • Opcode ID: 50ec143c00ee654490c54ff826e88e077e68a02ffefb11de55a4df4de65a93d8
                                                                                                                                          • Instruction ID: 38b0b137f5cbd1a0d8e0da6b5336cf04ed5ca876e5778ccef7065e227d7e0960
                                                                                                                                          • Opcode Fuzzy Hash: 50ec143c00ee654490c54ff826e88e077e68a02ffefb11de55a4df4de65a93d8
                                                                                                                                          • Instruction Fuzzy Hash: DFD16B71D0024ACFDB04DFA8C984AADBBB5FF88304F24816DE515AB355D731AA46CFA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D38B3EB
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D38B3FB
                                                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D38B429
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D38B525
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D38B5E5
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Bound$ClearDestroyElementVariant
                                                                                                                                          • String ID: @
                                                                                                                                          • API String ID: 3214203402-2766056989
                                                                                                                                          • Opcode ID: 2fbaa237575cf25f023ff01fc743b0e01085397d4f227f9c131954b74bf6c05b
                                                                                                                                          • Instruction ID: 4fc33aa73b6ea484505a1af02d31a83fb486e3779adc2947037a7b60077cdc0e
                                                                                                                                          • Opcode Fuzzy Hash: 2fbaa237575cf25f023ff01fc743b0e01085397d4f227f9c131954b74bf6c05b
                                                                                                                                          • Instruction Fuzzy Hash: 58D15871E0024ACFDB00DFA8C885AADBBB5FF48304F24816DE515AB356D731AA46CF90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D80EA
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                                                                          • String ID: Max$Min$RandomNumberType$T|?m$invalid bit length
                                                                                                                                          • API String ID: 3718517217-3898442463
                                                                                                                                          • Opcode ID: a60b4e19ae8f9b4c2aa435956ab66e7774bf9171e61de1ecb28ec0fba346d430
                                                                                                                                          • Instruction ID: 6b10852768c87cce9b194913d5fe808d18c86b94d0f6a5d9e2edc6fa517d57ec
                                                                                                                                          • Opcode Fuzzy Hash: a60b4e19ae8f9b4c2aa435956ab66e7774bf9171e61de1ecb28ec0fba346d430
                                                                                                                                          • Instruction Fuzzy Hash: 9DC1A17551D7809AE364CB28C850B9FB7E5BFD9304F498A2CE6C983391DB74A904CB63
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3B16B2
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3B180A
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          Strings
                                                                                                                                          • : this key is too short to encrypt any messages, xrefs: 6D3B162A
                                                                                                                                          • for this public key, xrefs: 6D3B1771
                                                                                                                                          • : message length of , xrefs: 6D3B170D
                                                                                                                                          • exceeds the maximum of , xrefs: 6D3B173F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw$ExceptionRaiseXinvalid_argumentstd::_
                                                                                                                                          • String ID: exceeds the maximum of $ for this public key$: message length of $: this key is too short to encrypt any messages
                                                                                                                                          • API String ID: 3807434085-412673420
                                                                                                                                          • Opcode ID: 8f65c51290783bd573a49098b742151a002b2f326d5edbe7c452d58d9ce6198a
                                                                                                                                          • Instruction ID: 16027c036a51a0f98142c1004435518a9c33bbe8b2ea95966842d24a0456e982
                                                                                                                                          • Opcode Fuzzy Hash: 8f65c51290783bd573a49098b742151a002b2f326d5edbe7c452d58d9ce6198a
                                                                                                                                          • Instruction Fuzzy Hash: EFB13B7160C3809FD360DB69C890F9BB7E9AFD9314F05891DE69D83251DB30A905CBA3
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,2D641B6B), ref: 6D393C49
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D393C81
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D393D26
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D393D30
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D393D89
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$Clear$ArrayElementInitSafe
                                                                                                                                          • String ID: lj9m
                                                                                                                                          • API String ID: 4110538090-678643982
                                                                                                                                          • Opcode ID: d6f34e4833519031788add4515efd158e5f78fbc5432248cafc69afce8e7c075
                                                                                                                                          • Instruction ID: d6b74276d4ae96ca7eb4eb822646fa7e6ea0e1d82edc2364b620f33941262638
                                                                                                                                          • Opcode Fuzzy Hash: d6f34e4833519031788add4515efd158e5f78fbc5432248cafc69afce8e7c075
                                                                                                                                          • Instruction Fuzzy Hash: 556171B2A05249DFCB00DFA8C9849AEB7B9FF49310F24856DE615EB350D732AD45CB60
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D38D5E4
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38D5F9
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D38D608
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38D61D
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C04
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C1E
                                                                                                                                            • Part of subcall function 6D3D9BB5: __CxxThrowException@8.LIBCMT ref: 6D3D9C2F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                                                          • String ID: 0B?m$0B?m
                                                                                                                                          • API String ID: 2621100827-2506672065
                                                                                                                                          • Opcode ID: 2e0abbb4066b8332ab48e734679d3fe546f1d1023c2cfc593e33941dabc2f7f5
                                                                                                                                          • Instruction ID: 2dcaf93430ed2dac434478fab0072140ba3a6cf0f3bf80ec72229fa019931a18
                                                                                                                                          • Opcode Fuzzy Hash: 2e0abbb4066b8332ab48e734679d3fe546f1d1023c2cfc593e33941dabc2f7f5
                                                                                                                                          • Instruction Fuzzy Hash: E15149B1A0464AAFC744CFA8D980A99FBF4FB08304F50826EE559D7B41D371EA14CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D396035
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39604A
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D396059
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39606E
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C04
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C1E
                                                                                                                                            • Part of subcall function 6D3D9BB5: __CxxThrowException@8.LIBCMT ref: 6D3D9C2F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                                                          • String ID: 0B?m$0B?m
                                                                                                                                          • API String ID: 2621100827-2506672065
                                                                                                                                          • Opcode ID: 2291cb70cf1f476bd521b65a50d9f6624205bd699a096c14c92fb08b98363016
                                                                                                                                          • Instruction ID: 89adf4b3bf03472e91e0c978e0640a25829d1b1500998cd90b4c09af28c4e7cd
                                                                                                                                          • Opcode Fuzzy Hash: 2291cb70cf1f476bd521b65a50d9f6624205bd699a096c14c92fb08b98363016
                                                                                                                                          • Instruction Fuzzy Hash: C7515AB1A0464AAFC744CFA8C980A99FBF4FF08304F10826AD519DBB41E371E954CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D3D13BE
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D1431
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D1456
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D1493
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D14B0
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                          • String ID: deque<T> too long
                                                                                                                                          • API String ID: 4034224661-309773918
                                                                                                                                          • Opcode ID: cf9bf13392b6d1f8a317c1cd475e1e597351c0cc16c9e3647615e547fa370509
                                                                                                                                          • Instruction ID: 5b375809ddb3b1ea298e7f495f9ea8aa80e62841563d60ec1a9161e0b5b6883c
                                                                                                                                          • Opcode Fuzzy Hash: cf9bf13392b6d1f8a317c1cd475e1e597351c0cc16c9e3647615e547fa370509
                                                                                                                                          • Instruction Fuzzy Hash: 1241F773A042054BC714CE68DC9196BB7E6EFC4224F0AC62CE949D7749EA74ED05CBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D3D126E
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D12E0
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D1305
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D1342
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D135F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                          • String ID: deque<T> too long
                                                                                                                                          • API String ID: 4034224661-309773918
                                                                                                                                          • Opcode ID: ccbbb5016dc323f63450e0311ec598e5e04f0c448111f5b98c0666cace8cf302
                                                                                                                                          • Instruction ID: b41a5319aa26977f8ac2762711b3eeff853f5353bc8fd2080990e1cb3da9b556
                                                                                                                                          • Opcode Fuzzy Hash: ccbbb5016dc323f63450e0311ec598e5e04f0c448111f5b98c0666cace8cf302
                                                                                                                                          • Instruction Fuzzy Hash: 65410673A042059BD704CE28DC9166BB7E6EBC4220F09C62CE849D7744EA75ED05CBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D395E87
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D395E9C
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D395EAB
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D395EC0
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C04
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C1E
                                                                                                                                            • Part of subcall function 6D3D9BB5: __CxxThrowException@8.LIBCMT ref: 6D3D9C2F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                                                          • String ID: 0B?m$0B?m
                                                                                                                                          • API String ID: 2621100827-2506672065
                                                                                                                                          • Opcode ID: 8378bf747fcd68fbf609cf3532b2f3d608076368d2b3789a8301ebe41523f1c0
                                                                                                                                          • Instruction ID: dc298407e34cf4de1cc45659f03e6a1f2c1333fa26c1eeb3f2e6b00ba043b538
                                                                                                                                          • Opcode Fuzzy Hash: 8378bf747fcd68fbf609cf3532b2f3d608076368d2b3789a8301ebe41523f1c0
                                                                                                                                          • Instruction Fuzzy Hash: A44149B19047489FC720CFA8C980A9AFBF4FB18304F45896ED59A97741E771E904CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D38D437
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38D44C
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D38D45B
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38D470
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C04
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C1E
                                                                                                                                            • Part of subcall function 6D3D9BB5: __CxxThrowException@8.LIBCMT ref: 6D3D9C2F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8Throw$_malloc
                                                                                                                                          • String ID: 0B?m$0B?m
                                                                                                                                          • API String ID: 2621100827-2506672065
                                                                                                                                          • Opcode ID: cef92c633dd33a92fa0e356e716e5f1ba5490f980d94e6a2893e69576f5cd88f
                                                                                                                                          • Instruction ID: eb9e7a061cdb73d032be654592443edcc362e83f8d3ecd4022eb6edbc74e4940
                                                                                                                                          • Opcode Fuzzy Hash: cef92c633dd33a92fa0e356e716e5f1ba5490f980d94e6a2893e69576f5cd88f
                                                                                                                                          • Instruction Fuzzy Hash: CC4149B19047489FC720CFA9D980A9AFBF4FB18304F41896ED99A97741E771E904CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3A6480: __CxxThrowException@8.LIBCMT ref: 6D3A6518
                                                                                                                                            • Part of subcall function 6D3A6480: __CxxThrowException@8.LIBCMT ref: 6D3A6558
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3D2C9A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D2CB1
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3D2CC3
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D2CDA
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C04
                                                                                                                                            • Part of subcall function 6D3D9BB5: std::exception::exception.LIBCMT ref: 6D3D9C1E
                                                                                                                                            • Part of subcall function 6D3D9BB5: __CxxThrowException@8.LIBCMT ref: 6D3D9C2F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw$std::exception::exception$_malloc
                                                                                                                                          • String ID: 0B?m$0B?m
                                                                                                                                          • API String ID: 3942750879-2506672065
                                                                                                                                          • Opcode ID: c11d366c38a69a027e7cf323b4ab7b1d5020796e7ad65756352c1564c870ffb1
                                                                                                                                          • Instruction ID: 3ca8a5fd9fe69d2ec783ed79a8c26e87fbba348bf73166d5e0396fdd77721f6a
                                                                                                                                          • Opcode Fuzzy Hash: c11d366c38a69a027e7cf323b4ab7b1d5020796e7ad65756352c1564c870ffb1
                                                                                                                                          • Instruction Fuzzy Hash: 83417BB25187419FC354CF59C880A5AFBF4FF99314F508A2EF29A87650D7B1A504CFA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D374DA9
                                                                                                                                            • Part of subcall function 6D3D9125: std::exception::exception.LIBCMT ref: 6D3D913A
                                                                                                                                            • Part of subcall function 6D3D9125: __CxxThrowException@8.LIBCMT ref: 6D3D914F
                                                                                                                                            • Part of subcall function 6D3D9125: std::exception::exception.LIBCMT ref: 6D3D9160
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D374DCA
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D374DE5
                                                                                                                                          • _memmove.LIBCMT ref: 6D374E4D
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
                                                                                                                                          • String ID: invalid string position$string too long
                                                                                                                                          • API String ID: 443534600-4289949731
                                                                                                                                          • Opcode ID: 4afe2d61753930d67bcf067a6c69c469c10c58f4b80b14437f4e42403be0939d
                                                                                                                                          • Instruction ID: c2abfdcced71d87e6512530d786e205e5eff497169f8361af453d587acbbe4f5
                                                                                                                                          • Opcode Fuzzy Hash: 4afe2d61753930d67bcf067a6c69c469c10c58f4b80b14437f4e42403be0939d
                                                                                                                                          • Instruction Fuzzy Hash: 5D31F732304A158FD3358E6CE890A6AF3E9AF99334F24462EE591CB641D775E840C7A5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D39DCC5
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39DCDA
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D39DD09
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39DD1E
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
                                                                                                                                          • String ID: 0B?m$0B?m
                                                                                                                                          • API String ID: 399550787-2506672065
                                                                                                                                          • Opcode ID: e424de3289f6465d027fe54739a9e124ee08767a93bc476548892761ff1b43b6
                                                                                                                                          • Instruction ID: 0a1cd932a8cce40d77c83e49fa60bd0ec55bf4a455f79d0449e5453be6ca4cce
                                                                                                                                          • Opcode Fuzzy Hash: e424de3289f6465d027fe54739a9e124ee08767a93bc476548892761ff1b43b6
                                                                                                                                          • Instruction Fuzzy Hash: 11314FB6D04209AFD704CF99D845AAEBBF8BF58310F01856DE9199B350E771EA04CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Name::operator+$NameName::
                                                                                                                                          • String ID: throw(
                                                                                                                                          • API String ID: 168861036-3159766648
                                                                                                                                          • Opcode ID: 8ced192483db0429b652300c119dc1d2bea6fd5d2bbbb38a62c171b4792c21ba
                                                                                                                                          • Instruction ID: 2836412ec9e8c61484fdb87d6cf3080984bb294bac07a34b2a4d444a8ee563cb
                                                                                                                                          • Opcode Fuzzy Hash: 8ced192483db0429b652300c119dc1d2bea6fd5d2bbbb38a62c171b4792c21ba
                                                                                                                                          • Instruction Fuzzy Hash: 15018470604119AFCF04DBA4C841DFD77B9AB48388F058156EA029B2D4DB70E946C790
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __getptd_noexit.LIBCMT ref: 6D3DCCFA
                                                                                                                                            • Part of subcall function 6D3DEA6D: GetLastError.KERNEL32(?,?,6D3DD7DD,6D3D9DEF,00000000,?,6D3D9BD4,6D371290,2D641B6B), ref: 6D3DEA71
                                                                                                                                            • Part of subcall function 6D3DEA6D: ___set_flsgetvalue.LIBCMT ref: 6D3DEA7F
                                                                                                                                            • Part of subcall function 6D3DEA6D: __calloc_crt.LIBCMT ref: 6D3DEA93
                                                                                                                                            • Part of subcall function 6D3DEA6D: DecodePointer.KERNEL32(00000000,?,?,6D3DD7DD,6D3D9DEF,00000000,?,6D3D9BD4,6D371290,2D641B6B), ref: 6D3DEAAD
                                                                                                                                            • Part of subcall function 6D3DEA6D: GetCurrentThreadId.KERNEL32 ref: 6D3DEAC3
                                                                                                                                            • Part of subcall function 6D3DEA6D: SetLastError.KERNEL32(00000000,?,?,6D3DD7DD,6D3D9DEF,00000000,?,6D3D9BD4,6D371290,2D641B6B), ref: 6D3DEADB
                                                                                                                                          • __calloc_crt.LIBCMT ref: 6D3DCD1C
                                                                                                                                          • __get_sys_err_msg.LIBCMT ref: 6D3DCD3A
                                                                                                                                          • _strcpy_s.LIBCMT ref: 6D3DCD42
                                                                                                                                          • __invoke_watson.LIBCMT ref: 6D3DCD57
                                                                                                                                          Strings
                                                                                                                                          • Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 6D3DCD07, 6D3DCD2A
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLast__calloc_crt$CurrentDecodePointerThread___set_flsgetvalue__get_sys_err_msg__getptd_noexit__invoke_watson_strcpy_s
                                                                                                                                          • String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
                                                                                                                                          • API String ID: 3117964792-798102604
                                                                                                                                          • Opcode ID: d922ebc80d0a6361cd25280fb31442b7802e1392eabdfbe3cd677a45ae65bc97
                                                                                                                                          • Instruction ID: 638044651721c7c17ff5c2d28970c4d8e169a5d8d78ac7a6b7e9bdf8bf04156e
                                                                                                                                          • Opcode Fuzzy Hash: d922ebc80d0a6361cd25280fb31442b7802e1392eabdfbe3cd677a45ae65bc97
                                                                                                                                          • Instruction Fuzzy Hash: 71F02B7392E3152BC390291B5C8195FBBAC9B8975CB01483AF784D7100D6269C014DA5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,6D409880,00000008,6D3DEAC1,00000000,00000000,?,?,6D3DD7DD,6D3D9DEF,00000000,?,6D3D9BD4,6D371290,2D641B6B), ref: 6D3DE9CA
                                                                                                                                          • __lock.LIBCMT ref: 6D3DE9FE
                                                                                                                                            • Part of subcall function 6D3E2438: __mtinitlocknum.LIBCMT ref: 6D3E244E
                                                                                                                                            • Part of subcall function 6D3E2438: __amsg_exit.LIBCMT ref: 6D3E245A
                                                                                                                                            • Part of subcall function 6D3E2438: EnterCriticalSection.KERNEL32(6D3D9BD4,6D3D9BD4,?,6D3DEA03,0000000D), ref: 6D3E2462
                                                                                                                                          • InterlockedIncrement.KERNEL32(FFFFFEF5), ref: 6D3DEA0B
                                                                                                                                          • __lock.LIBCMT ref: 6D3DEA1F
                                                                                                                                          • ___addlocaleref.LIBCMT ref: 6D3DEA3D
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                                                                                          • String ID: KERNEL32.DLL
                                                                                                                                          • API String ID: 637971194-2576044830
                                                                                                                                          • Opcode ID: e19c9ac375a1aae7a7feac4313bf95b6bbfd25961d5e4681e6cb8fcfa4ad4d09
                                                                                                                                          • Instruction ID: 1f1cdb8ae53579803b889aabdc538f699802f0356e8e09226278916dc2815799
                                                                                                                                          • Opcode Fuzzy Hash: e19c9ac375a1aae7a7feac4313bf95b6bbfd25961d5e4681e6cb8fcfa4ad4d09
                                                                                                                                          • Instruction Fuzzy Hash: 45016D72848B06AED7609F65D905759FBF0FF51318F10C90ED6D6962A0CBB0AA44CF11
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: 85967beae5496d3beaa705ff0ce3f5ec1a0fcb8c60a2f5ba086fa407546ca966
                                                                                                                                          • Instruction ID: 60fb2bf2f5878cff07b7ffd6ce7ab2332f62fd8b944d93ba5c7dd7ab26177881
                                                                                                                                          • Opcode Fuzzy Hash: 85967beae5496d3beaa705ff0ce3f5ec1a0fcb8c60a2f5ba086fa407546ca966
                                                                                                                                          • Instruction Fuzzy Hash: A5413C74E016199FDB00DFA9C980E6AB7F9AF89300F248689E509DB355EB36EC41CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: 33cd9f0311d6adb9a652986725720ad1985c99a98f6d4374fbd71bf5c9eb7e1a
                                                                                                                                          • Instruction ID: 406322d810805915472aca2037596b92efd51ecdb02f02248765f3f516655ac1
                                                                                                                                          • Opcode Fuzzy Hash: 33cd9f0311d6adb9a652986725720ad1985c99a98f6d4374fbd71bf5c9eb7e1a
                                                                                                                                          • Instruction Fuzzy Hash: 56415B71E006199FDB00CF68CC80F6EB7F9AF89200F24869AE518EB251DB31E941CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: 33cd9f0311d6adb9a652986725720ad1985c99a98f6d4374fbd71bf5c9eb7e1a
                                                                                                                                          • Instruction ID: beaa5b1ac167d2952c075d2f724932e926c474e37bc8fd754dfa966014239f8f
                                                                                                                                          • Opcode Fuzzy Hash: 33cd9f0311d6adb9a652986725720ad1985c99a98f6d4374fbd71bf5c9eb7e1a
                                                                                                                                          • Instruction Fuzzy Hash: C1415D75A006099FDB10CF69CD80F6DB7B9AF89200F60869AE518EB251DB31D941CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: 6e531bc78b79866cb32e1113666eca0c1ffa35633755aee615d1a2d8d111ffa5
                                                                                                                                          • Instruction ID: 6ce1176f8c6f96ee8a4f26e13d8bebbf8848e321942e8d3e451bd1b3282704eb
                                                                                                                                          • Opcode Fuzzy Hash: 6e531bc78b79866cb32e1113666eca0c1ffa35633755aee615d1a2d8d111ffa5
                                                                                                                                          • Instruction Fuzzy Hash: 2F313A71E016099FCB00CF68CD81F6EB7F9AF89200F248696E519EB255DB75E940CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: 31f1be22a8c0c83867292fd2b26d53251113235371de0050f4bb96ab19fd3a32
                                                                                                                                          • Instruction ID: 852251d3267a5b6791a3d1448d5fce0a8bcd630df5e9fa9b80472ecbb22c9ba5
                                                                                                                                          • Opcode Fuzzy Hash: 31f1be22a8c0c83867292fd2b26d53251113235371de0050f4bb96ab19fd3a32
                                                                                                                                          • Instruction Fuzzy Hash: B7314971E016099FCB00CF68CC81F6EB7BAAF89200F248686E519EB245EB35ED41CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: 157c73c6938508f31821877082efc83f16c10a949be4736735eeae97eb3c2c5e
                                                                                                                                          • Instruction ID: 266934a7450f88a0736337589deda3945fd71ef759dd30dc406245d142ba9721
                                                                                                                                          • Opcode Fuzzy Hash: 157c73c6938508f31821877082efc83f16c10a949be4736735eeae97eb3c2c5e
                                                                                                                                          • Instruction Fuzzy Hash: A1315A70E016099FDB10DF68CC81F6EB7B9AF89200F248696E518EB251D775ED41CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: c7ac775c835950a1c5a9808e793281c28d1c07752e761d651127e231d5284d61
                                                                                                                                          • Instruction ID: 7bed18bfe7dc7dedbbef03b8362074fbb52e99df48adacdf4bc50ca2d4e86fb7
                                                                                                                                          • Opcode Fuzzy Hash: c7ac775c835950a1c5a9808e793281c28d1c07752e761d651127e231d5284d61
                                                                                                                                          • Instruction Fuzzy Hash: 78315C74A006099FDB10CF69CD81B6DB7B9AF89300F608596E518EB251E775DD40CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: 31f1be22a8c0c83867292fd2b26d53251113235371de0050f4bb96ab19fd3a32
                                                                                                                                          • Instruction ID: 45a6ffab32e0577ce6e712e75a2957b4cb0d83a80017b30071e7188978b91936
                                                                                                                                          • Opcode Fuzzy Hash: 31f1be22a8c0c83867292fd2b26d53251113235371de0050f4bb96ab19fd3a32
                                                                                                                                          • Instruction Fuzzy Hash: BB316D74E00A099FCB10CFA9CD81B6EB7B9AF89300F60859AE518EB242DB75DD41CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: 80bf189541430031765c374cb71633fcff70237152f625898685dfe220b90d55
                                                                                                                                          • Instruction ID: 50120da439ec83b03787c7fab0bb258e1bac1241f9a65525e1d779578cc2989e
                                                                                                                                          • Opcode Fuzzy Hash: 80bf189541430031765c374cb71633fcff70237152f625898685dfe220b90d55
                                                                                                                                          • Instruction Fuzzy Hash: 60313C74A006099FDB10CF69CD81B6EB7F9AF89300F60859AE518EB251DB75DD41CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: 80bf189541430031765c374cb71633fcff70237152f625898685dfe220b90d55
                                                                                                                                          • Instruction ID: 340d155d2d638ad75a13822fffb6459a38db9d903b0eb4a9e34c7bb097e491ce
                                                                                                                                          • Opcode Fuzzy Hash: 80bf189541430031765c374cb71633fcff70237152f625898685dfe220b90d55
                                                                                                                                          • Instruction Fuzzy Hash: BE313871E016099FCB10CF68CD81F6EB7F9AF89200F24869AE519EB251EB75E941CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: fddd7b7b9b3f0d0f7dd56f8c24b7fb8a055523ab4127c6581e99fb0ce6501dab
                                                                                                                                          • Instruction ID: 824d26871820cedf830c21722cf918e6ed2912d7076ee443ba1c990eb826744e
                                                                                                                                          • Opcode Fuzzy Hash: fddd7b7b9b3f0d0f7dd56f8c24b7fb8a055523ab4127c6581e99fb0ce6501dab
                                                                                                                                          • Instruction Fuzzy Hash: 28315A71E006099FCB10CF68CD81F6EB7F9AF89200F248686E519EB241EB35E940CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: c7ac775c835950a1c5a9808e793281c28d1c07752e761d651127e231d5284d61
                                                                                                                                          • Instruction ID: 6bde12cb03766d69f799fadff4629a868563d66bd7b7c3694c375c190ef802fc
                                                                                                                                          • Opcode Fuzzy Hash: c7ac775c835950a1c5a9808e793281c28d1c07752e761d651127e231d5284d61
                                                                                                                                          • Instruction Fuzzy Hash: C4314974E016199FDB00CF68CD81F6EB7B9AF89200F24868AE518EB241E736E941CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: 9f17464ff754cf82c9fa08e02b995a11b4b81c4466cdb3a48d42d35d07ec8db6
                                                                                                                                          • Instruction ID: 779ef871f019765ccc64cf37a94ff6d9461000bef63a5e39be1f5a0d5440a3a6
                                                                                                                                          • Opcode Fuzzy Hash: 9f17464ff754cf82c9fa08e02b995a11b4b81c4466cdb3a48d42d35d07ec8db6
                                                                                                                                          • Instruction Fuzzy Hash: 6C314971E016099FCB00DFA8CC81F6EB7B9AF89200F248686E518EB241DB76E941CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: e010e64a17df7b107089e940bec9e0c1a692c902bc4c6cd4d560f56bef680535
                                                                                                                                          • Instruction ID: 0cf2c4a7e38d8eed200adf640b817a1f099d61a6f392171a78d6e4d1f342a4c4
                                                                                                                                          • Opcode Fuzzy Hash: e010e64a17df7b107089e940bec9e0c1a692c902bc4c6cd4d560f56bef680535
                                                                                                                                          • Instruction Fuzzy Hash: 23313971E016099FDB10CFA8CD81F6EB7B9AF89300F248686E519EB251D775E941CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: 6c9ad32ac92008d6d4443a754130acc23160ed3528b2a247bc987f4d28560997
                                                                                                                                          • Instruction ID: b3e344ff9fcbb8868b84be5e6f462d2824ab6820c8e0578d568c74bd74b7edd7
                                                                                                                                          • Opcode Fuzzy Hash: 6c9ad32ac92008d6d4443a754130acc23160ed3528b2a247bc987f4d28560997
                                                                                                                                          • Instruction Fuzzy Hash: 7A315C71E016189FCB10CF68CC81FAEB7B9AF89200F24868AE519EB241D772ED41CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: b6a4aa58ed3dadf9da142f0f8c8dbd590b84248343eb4eb1a7545426be57da5d
                                                                                                                                          • Instruction ID: c9464a4389c7c8f42dab42d8f90031ce6d52ea93c5c546cb2fab50e32402cf99
                                                                                                                                          • Opcode Fuzzy Hash: b6a4aa58ed3dadf9da142f0f8c8dbd590b84248343eb4eb1a7545426be57da5d
                                                                                                                                          • Instruction Fuzzy Hash: 22314971E016199FDB10DB68CC81F6EB7B9AF89200F24869AE419EB242D772E941CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: f51caef5b290681f88daf16c0c23bef3e901145508a9bf8f4de6c6b70319b03a
                                                                                                                                          • Instruction ID: 0c74bea0702d3f653188c341cc693b1945b7ebca771bdd5dab598f3609f6e613
                                                                                                                                          • Opcode Fuzzy Hash: f51caef5b290681f88daf16c0c23bef3e901145508a9bf8f4de6c6b70319b03a
                                                                                                                                          • Instruction Fuzzy Hash: 3C313971E006189FDB10CB68CC81F6EB7B9AF85200F24869AE519EB241D771D940CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: d27deedc63843b48be0b40b3dbd20e787e78da6dad22d03b2965f9c8fdab718e
                                                                                                                                          • Instruction ID: 300dbbc2d7625f4d980913634ce8b2934ff01881379c8489ef82c5a2d6785924
                                                                                                                                          • Opcode Fuzzy Hash: d27deedc63843b48be0b40b3dbd20e787e78da6dad22d03b2965f9c8fdab718e
                                                                                                                                          • Instruction Fuzzy Hash: 9C314E71E006199FDB10CFA8CC85FAEB7B9AF89200F24869AE519EB245D771ED40CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: 5ed5e202ab81a3b082e20b26b655549c561ab66f12208e5a0a42b32c627e672b
                                                                                                                                          • Instruction ID: ec1af762ed02066bdf84c9aefefac33eab59c9719b72c842449ae68a5f611c28
                                                                                                                                          • Opcode Fuzzy Hash: 5ed5e202ab81a3b082e20b26b655549c561ab66f12208e5a0a42b32c627e672b
                                                                                                                                          • Instruction Fuzzy Hash: 9C313A71E016189FDB10CF69CC85F6EB7BAAF89200F24868AE519EB241D776E941CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: 9278302157e842eb45775a52ff939ee54cdba61b97c99b670899323b49f50faf
                                                                                                                                          • Instruction ID: 509d64e8ce2f223137ac1bda6f10f11fdae305e0f34c790f425bbe7432d57459
                                                                                                                                          • Opcode Fuzzy Hash: 9278302157e842eb45775a52ff939ee54cdba61b97c99b670899323b49f50faf
                                                                                                                                          • Instruction Fuzzy Hash: 86313AB1E016189FCB10DF68CC81F6EB7B9AF89200F24868AE519EB241D776D941CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          • Opcode ID: de09954bae2fc85e99c3b55b10ada391bbd5261cc21f578cb86a531d86ce202d
                                                                                                                                          • Instruction ID: ab4fb286729d826df4e4c9d186af5190da6d7f913bd9c779f587a133315c9a81
                                                                                                                                          • Opcode Fuzzy Hash: de09954bae2fc85e99c3b55b10ada391bbd5261cc21f578cb86a531d86ce202d
                                                                                                                                          • Instruction Fuzzy Hash: 5A316F74E00A189FCB10CFA9CD81B6DB7B9AF89300F60859AE518EB242D772DD40CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArrayDestroySafe
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4225690600-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000100,?,?,?,?,?,6D3E25B1,?,00000000,?), ref: 6D3E24E6
                                                                                                                                          • _malloc.LIBCMT ref: 6D3E251B
                                                                                                                                          • _memset.LIBCMT ref: 6D3E253B
                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,00000001,?,00000000,00000001,00000000), ref: 6D3E2550
                                                                                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6D3E255E
                                                                                                                                          • __freea.LIBCMT ref: 6D3E2568
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharMultiWide$StringType__freea_malloc_memset
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 525495869-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D396A08
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D396A15
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D396A41
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 757764206-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D396A08
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D396A15
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D396A41
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE63
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE73
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE86
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AE99
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEAC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39AEBF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 757764206-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D396A08
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D396A15
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D396A41
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 757764206-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6D396A08
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D396A15
                                                                                                                                            • Part of subcall function 6D3969C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6D396A41
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923B3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923C3
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923D6
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923E9
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D3923FC
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39240F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Destroy$Bound$Element
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 757764206-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D374760: __CxxThrowException@8.LIBCMT ref: 6D3747F9
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D0907
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D0936
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D0959
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D0A25
                                                                                                                                          Strings
                                                                                                                                          • PSSR_MEM: message recovery disabled, xrefs: 6D3D09E3
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memmove$Exception@8Throw
                                                                                                                                          • String ID: PSSR_MEM: message recovery disabled
                                                                                                                                          • API String ID: 2655171816-3051149714
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __CreateFrameInfo.LIBCMT ref: 6D3DBEB6
                                                                                                                                            • Part of subcall function 6D3DAB70: __getptd.LIBCMT ref: 6D3DAB7E
                                                                                                                                            • Part of subcall function 6D3DAB70: __getptd.LIBCMT ref: 6D3DAB8C
                                                                                                                                          • __getptd.LIBCMT ref: 6D3DBEC0
                                                                                                                                            • Part of subcall function 6D3DEAE6: __getptd_noexit.LIBCMT ref: 6D3DEAE9
                                                                                                                                            • Part of subcall function 6D3DEAE6: __amsg_exit.LIBCMT ref: 6D3DEAF6
                                                                                                                                          • __getptd.LIBCMT ref: 6D3DBECE
                                                                                                                                          • __getptd.LIBCMT ref: 6D3DBEDC
                                                                                                                                          • __getptd.LIBCMT ref: 6D3DBEE7
                                                                                                                                          • _CallCatchBlock2.LIBCMT ref: 6D3DBF0D
                                                                                                                                            • Part of subcall function 6D3DAC15: __CallSettingFrame@12.LIBCMT ref: 6D3DAC61
                                                                                                                                            • Part of subcall function 6D3DBFB4: __getptd.LIBCMT ref: 6D3DBFC3
                                                                                                                                            • Part of subcall function 6D3DBFB4: __getptd.LIBCMT ref: 6D3DBFD1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1602911419-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A7267
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw
                                                                                                                                          • String ID: exceeds the maximum of $ is less than the minimum of $: IV length
                                                                                                                                          • API String ID: 2005118841-1273958906
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _strncmptype_info::operator!=
                                                                                                                                          • String ID: ThisPointer:$ValueNames
                                                                                                                                          • API String ID: 1333309372-2375088429
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _strncmptype_info::operator!=
                                                                                                                                          • String ID: ThisPointer:$ValueNames
                                                                                                                                          • API String ID: 1333309372-2375088429
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _strncmptype_info::operator!=
                                                                                                                                          • String ID: ThisPointer:$ValueNames
                                                                                                                                          • API String ID: 1333309372-2375088429
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3B1C1A
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3B1CDE
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3B1D3E
                                                                                                                                          Strings
                                                                                                                                          • TF_SignerBase: this algorithm does not support messsage recovery or the key is too short, xrefs: 6D3B1C67
                                                                                                                                          • TF_SignerBase: the recoverable message part is too long for the given key and algorithm, xrefs: 6D3B1CF0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                          • String ID: TF_SignerBase: the recoverable message part is too long for the given key and algorithm$TF_SignerBase: this algorithm does not support messsage recovery or the key is too short
                                                                                                                                          • API String ID: 3476068407-3371871069
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A6BA6
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D374067
                                                                                                                                            • Part of subcall function 6D374010: _memmove.LIBCMT ref: 6D3740C8
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A6C56
                                                                                                                                          Strings
                                                                                                                                          • D?m, xrefs: 6D3A6CE6
                                                                                                                                          • NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes, xrefs: 6D3A6B33
                                                                                                                                          • RandomNumberGenerator: IncorporateEntropy not implemented, xrefs: 6D3A6BE3
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                                                                                          • String ID: NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes$RandomNumberGenerator: IncorporateEntropy not implemented$D?m
                                                                                                                                          • API String ID: 1902190269-1853520507
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D393B71
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D393B83
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D393BCF
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Bound$Destroy
                                                                                                                                          • String ID: lj9m$lj9m
                                                                                                                                          • API String ID: 3651546500-2844932542
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                            • Part of subcall function 6D3D9125: std::exception::exception.LIBCMT ref: 6D3D913A
                                                                                                                                            • Part of subcall function 6D3D9125: __CxxThrowException@8.LIBCMT ref: 6D3D914F
                                                                                                                                            • Part of subcall function 6D3D9125: std::exception::exception.LIBCMT ref: 6D3D9160
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D374067
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          • _memmove.LIBCMT ref: 6D3740C8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
                                                                                                                                          • String ID: invalid string position$string too long
                                                                                                                                          • API String ID: 1615890066-4289949731
                                                                                                                                          • Opcode ID: e80870c03c21b595b1d8591edb5d15f8a8b86af504e02928d6f9e611101b51d7
                                                                                                                                          • Instruction ID: 3b0ef80c4ec7cbc6a2fdcc2e3f18d0ad87563fdf2364ac766f9322318da0ece7
                                                                                                                                          • Opcode Fuzzy Hash: e80870c03c21b595b1d8591edb5d15f8a8b86af504e02928d6f9e611101b51d7
                                                                                                                                          • Instruction Fuzzy Hash: D731D733304A149BD3319F5CE880A6AF7EDEB99764F21452FE191CB240D776EC4187A9
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • InitializeCriticalSection.KERNEL32(00000000,00000000,6D385D89,00000000,00000004,00000000,?,00000000,00000000), ref: 6D3884EA
                                                                                                                                          • InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000), ref: 6D3884F0
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D38853C
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D388551
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalInitializeSection$Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 3005353045-3383511498
                                                                                                                                          • Opcode ID: 50facfbfe342c1d13382c47b7a99e972d2a5db555974bd422cae34eff1ab240a
                                                                                                                                          • Instruction ID: 97653ea80009d1fe2b7403cfdaeed3f986706f4c6470975b22d33cceed5ae8ce
                                                                                                                                          • Opcode Fuzzy Hash: 50facfbfe342c1d13382c47b7a99e972d2a5db555974bd422cae34eff1ab240a
                                                                                                                                          • Instruction Fuzzy Hash: D9317C72901709AFC710CF69C980A9AFBF4FF18210F408A6EE95687B41D770FA04CB90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • _malloc.LIBCMT ref: 6D3A8D8A
                                                                                                                                            • Part of subcall function 6D3D9D66: __FF_MSGBANNER.LIBCMT ref: 6D3D9D7F
                                                                                                                                            • Part of subcall function 6D3D9D66: __NMSG_WRITE.LIBCMT ref: 6D3D9D86
                                                                                                                                            • Part of subcall function 6D3D9D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6D3D9BD4,6D371290,2D641B6B), ref: 6D3D9DAB
                                                                                                                                            • Part of subcall function 6D3D91F6: std::_Lockit::_Lockit.LIBCPMT ref: 6D3D9202
                                                                                                                                          • _malloc.LIBCMT ref: 6D3A8DAF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3A8DD4
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A8DEB
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _malloc$AllocateException@8HeapLockitLockit::_Throwstd::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 3043633502-3383511498
                                                                                                                                          • Opcode ID: 2e1749ca388523ee5a416dc92c29eaf82db1ba0bb0c855d53b2a2c7e028ea62a
                                                                                                                                          • Instruction ID: b8209e6b128b08a048b9db4d8474eb9289a2c3035f6f2f50341be2c173197607
                                                                                                                                          • Opcode Fuzzy Hash: 2e1749ca388523ee5a416dc92c29eaf82db1ba0bb0c855d53b2a2c7e028ea62a
                                                                                                                                          • Instruction Fuzzy Hash: 51F0847380920A27C300EF659D2ABAF32B89F90214F04492CFAD092101FB22C609CAF3
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • ___BuildCatchObject.LIBCMT ref: 6D3DC24E
                                                                                                                                            • Part of subcall function 6D3DC1A9: ___BuildCatchObjectHelper.LIBCMT ref: 6D3DC1DF
                                                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 6D3DC265
                                                                                                                                          • ___FrameUnwindToState.LIBCMT ref: 6D3DC273
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                                                          • String ID: csm$csm
                                                                                                                                          • API String ID: 2163707966-3733052814
                                                                                                                                          • Opcode ID: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
                                                                                                                                          • Instruction ID: c380a405be6cf777152b697e1a74c103c368acc3a19c00da044fbe5eac3cc24c
                                                                                                                                          • Opcode Fuzzy Hash: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
                                                                                                                                          • Instruction Fuzzy Hash: 1A01463240410ABBDF425F90CC41EEA7F6AFF08398F048010BE5815120D73298B2DFA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memmove
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4104443479-0
                                                                                                                                          • Opcode ID: 7d3b957cb850ebc3c7cbe2fd38e806148b00680d8abfa98cac3b7dba4279754f
                                                                                                                                          • Instruction ID: 4f5670795a75640c9d687d172e1183472ad97e22d6016fbabceb277ef8b47fdb
                                                                                                                                          • Opcode Fuzzy Hash: 7d3b957cb850ebc3c7cbe2fd38e806148b00680d8abfa98cac3b7dba4279754f
                                                                                                                                          • Instruction Fuzzy Hash: B791C2752087028FD724DF58CA80A2BB7E9FFD8604F104A2DE599C7B40E735E905CBA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Timetime$Sleep
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4176159691-0
                                                                                                                                          • Opcode ID: 729aae04aa2adfeb052548fb1f5ddcda7e21ae9adb0d13dbd0ae2a2887bd0523
                                                                                                                                          • Instruction ID: 36e108ceb04110e9744a32b440ee38d0f3a085a31033c672596de01d45335ad2
                                                                                                                                          • Opcode Fuzzy Hash: 729aae04aa2adfeb052548fb1f5ddcda7e21ae9adb0d13dbd0ae2a2887bd0523
                                                                                                                                          • Instruction Fuzzy Hash: 0851AFB2E042459FEB00DFA8DC86BAEBBB8FB05344F19847AD559D7240D3719D40CBA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6D387761
                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000000,?), ref: 6D387782
                                                                                                                                          • EnterCriticalSection.KERNEL32(00000018), ref: 6D387796
                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000018), ref: 6D3877CE
                                                                                                                                          • QueueUserWorkItem.KERNEL32(6D3A1D50,00000000,00000010), ref: 6D38780C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$EnterLeave$ItemQueueUserWork
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 584243675-0
                                                                                                                                          • Opcode ID: 3f26ce4be50f7106aa9ace26496e521e5c582be71c64898e694df1b9be5fbc1a
                                                                                                                                          • Instruction ID: f4729a7f776500516952c9d4b84d2f0109c630f238ce2c6f635497e1e7ffe234
                                                                                                                                          • Opcode Fuzzy Hash: 3f26ce4be50f7106aa9ace26496e521e5c582be71c64898e694df1b9be5fbc1a
                                                                                                                                          • Instruction Fuzzy Hash: F721B0B2A0520AAFCB10CF64D985FBBBBF9FF45300F008869E55687641D771E648CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __getptd.LIBCMT ref: 6D3DF047
                                                                                                                                            • Part of subcall function 6D3DEAE6: __getptd_noexit.LIBCMT ref: 6D3DEAE9
                                                                                                                                            • Part of subcall function 6D3DEAE6: __amsg_exit.LIBCMT ref: 6D3DEAF6
                                                                                                                                          • __amsg_exit.LIBCMT ref: 6D3DF067
                                                                                                                                          • __lock.LIBCMT ref: 6D3DF077
                                                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 6D3DF094
                                                                                                                                          • InterlockedIncrement.KERNEL32(04FE1680), ref: 6D3DF0BF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4271482742-0
                                                                                                                                          • Opcode ID: f2c5e97beb3ccf937134ae5e4747676fabe44e220272e1f3fc48ca6e5e4de558
                                                                                                                                          • Instruction ID: 57b1c9a818b7b3eea5271aa6e22e71df0c31bfb43b450fbdfb399035d41739ae
                                                                                                                                          • Opcode Fuzzy Hash: f2c5e97beb3ccf937134ae5e4747676fabe44e220272e1f3fc48ca6e5e4de558
                                                                                                                                          • Instruction Fuzzy Hash: 6601DE3390A727ABCB91AF649882B7EB774BF05714F028105E960A7280DB34AD41CFD1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __getptd.LIBCMT ref: 6D3DF7C8
                                                                                                                                            • Part of subcall function 6D3DEAE6: __getptd_noexit.LIBCMT ref: 6D3DEAE9
                                                                                                                                            • Part of subcall function 6D3DEAE6: __amsg_exit.LIBCMT ref: 6D3DEAF6
                                                                                                                                          • __getptd.LIBCMT ref: 6D3DF7DF
                                                                                                                                          • __amsg_exit.LIBCMT ref: 6D3DF7ED
                                                                                                                                          • __lock.LIBCMT ref: 6D3DF7FD
                                                                                                                                          • __updatetlocinfoEx_nolock.LIBCMT ref: 6D3DF811
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 938513278-0
                                                                                                                                          • Opcode ID: 37b9a7b0773c468a85f4afbed91aab202b19ab188065b64bb3e43f9a04d524a5
                                                                                                                                          • Instruction ID: 295d26c91b6ecf43b575b311f4c9482aadfd0aad594cd7f47bb3df2cbb6cb110
                                                                                                                                          • Opcode Fuzzy Hash: 37b9a7b0773c468a85f4afbed91aab202b19ab188065b64bb3e43f9a04d524a5
                                                                                                                                          • Instruction Fuzzy Hash: 8FF0F6339483428BD7E0A7789C42B9D77A07F40768F228109D6A0A61C0CB2099408E51
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memcpy_s
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2001391462-3916222277
                                                                                                                                          • Opcode ID: 94e48633010c0195b3717e3f03c32b370ff562c27ff31b6a1c3b379a037769a6
                                                                                                                                          • Instruction ID: e5caa90055b8a0572b4aa27ead8e6843687e572abe1f13c16ff7868867e0176e
                                                                                                                                          • Opcode Fuzzy Hash: 94e48633010c0195b3717e3f03c32b370ff562c27ff31b6a1c3b379a037769a6
                                                                                                                                          • Instruction Fuzzy Hash: ACC1AD756083028FE704CF2CC881A6AB7E5FFD8314F044A6DE592E7650E775EA49CB42
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::tr1::_Xweak.LIBCPMT ref: 6D3756D7
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D375734
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D37574B
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8ThrowXweak_mallocstd::exception::exceptionstd::tr1::_
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2092180293-3383511498
                                                                                                                                          • Opcode ID: 8f384779dfac41d0f0a9dcff11f357264aa96e2550407e78070a3ccadfe94dcc
                                                                                                                                          • Instruction ID: ec5e4b4bcefd09cf1c84cd5a150a430865262f0472e5ba5f453a8692686cd441
                                                                                                                                          • Opcode Fuzzy Hash: 8f384779dfac41d0f0a9dcff11f357264aa96e2550407e78070a3ccadfe94dcc
                                                                                                                                          • Instruction Fuzzy Hash: D9A146B5508B458FC724CF24C48096AB7F6FF88714F158F5EE49A8B684E774EA48CB81
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memcpy_s_memmove_memset
                                                                                                                                          • String ID: EncodingParameters
                                                                                                                                          • API String ID: 4034675494-55378216
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3CD820: _memmove.LIBCMT ref: 6D3CD930
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3B13D4
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                            • Part of subcall function 6D3A8D80: _malloc.LIBCMT ref: 6D3A8D8A
                                                                                                                                            • Part of subcall function 6D3A8D80: _malloc.LIBCMT ref: 6D3A8DAF
                                                                                                                                          Strings
                                                                                                                                          • : ciphertext length of , xrefs: 6D3B12E4
                                                                                                                                          • doesn't match the required length of , xrefs: 6D3B1316
                                                                                                                                          • for this key, xrefs: 6D3B1348
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _malloc$ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
                                                                                                                                          • String ID: doesn't match the required length of $ for this key$: ciphertext length of
                                                                                                                                          • API String ID: 1025790555-2559040249
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _malloc_memmove
                                                                                                                                          • String ID: i7:m$i7:m
                                                                                                                                          • API String ID: 1183979061-1683594857
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __startOneArgErrorHandling.LIBCMT ref: 6D3DB50D
                                                                                                                                            • Part of subcall function 6D3E1AA0: __87except.LIBCMT ref: 6D3E1ADB
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorHandling__87except__start
                                                                                                                                          • String ID: pow
                                                                                                                                          • API String ID: 2905807303-2276729525
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __cftoe.LIBCMT ref: 6D3888ED
                                                                                                                                            • Part of subcall function 6D3DA116: __mbstowcs_s_l.LIBCMT ref: 6D3DA12C
                                                                                                                                          • __cftoe.LIBCMT ref: 6D388911
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __cftoe$__mbstowcs_s_l
                                                                                                                                          • String ID: zX$P
                                                                                                                                          • API String ID: 1494777130-2079734279
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A8ABB
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A8B82
                                                                                                                                          Strings
                                                                                                                                          • PK_DefaultDecryptionFilter: ciphertext too long, xrefs: 6D3A8A8E
                                                                                                                                          • : invalid ciphertext, xrefs: 6D3A8B48
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw
                                                                                                                                          • String ID: : invalid ciphertext$PK_DefaultDecryptionFilter: ciphertext too long
                                                                                                                                          • API String ID: 2005118841-483996327
                                                                                                                                          • Opcode ID: a395f2fa04726f0e54a558d9ae2ebac16f222dfad3aedf97f9b930efbbec5a28
                                                                                                                                          • Instruction ID: 08a9f5c92c599f835931b36069ba84b49401840a50a87d95f6e75d8195878374
                                                                                                                                          • Opcode Fuzzy Hash: a395f2fa04726f0e54a558d9ae2ebac16f222dfad3aedf97f9b930efbbec5a28
                                                                                                                                          • Instruction Fuzzy Hash: 8B514DB52087819FD324CF54C990EABB7F8FF98704F048A1DE59A87651DB31E909CB62
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D374760: __CxxThrowException@8.LIBCMT ref: 6D3747F9
                                                                                                                                            • Part of subcall function 6D3A8D80: _malloc.LIBCMT ref: 6D3A8D8A
                                                                                                                                            • Part of subcall function 6D3A8D80: _malloc.LIBCMT ref: 6D3A8DAF
                                                                                                                                          • _memcpy_s.LIBCMT ref: 6D37F282
                                                                                                                                          • _memset.LIBCMT ref: 6D37F293
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _malloc$Exception@8Throw_memcpy_s_memset
                                                                                                                                          • String ID: @$\|?m
                                                                                                                                          • API String ID: 3081897325-1026962684
                                                                                                                                          • Opcode ID: a1c582b0e741e0a85706f5d4a62eee549c3863f043866eede01aceb1593953d7
                                                                                                                                          • Instruction ID: 3623611d02a01a3e478fa45080681d9cfb6a3c2c29f06b641d5f9a281b91f582
                                                                                                                                          • Opcode Fuzzy Hash: a1c582b0e741e0a85706f5d4a62eee549c3863f043866eede01aceb1593953d7
                                                                                                                                          • Instruction Fuzzy Hash: 9651BDB5D04349DFDB20CFA4D880BDEBBB4BF05308F108198D98967281DB756A49CFA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D374EFC
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D374F16
                                                                                                                                          • _memmove.LIBCMT ref: 6D374F6C
                                                                                                                                            • Part of subcall function 6D374D90: std::_Xinvalid_argument.LIBCPMT ref: 6D374DA9
                                                                                                                                            • Part of subcall function 6D374D90: std::_Xinvalid_argument.LIBCPMT ref: 6D374DCA
                                                                                                                                            • Part of subcall function 6D374D90: std::_Xinvalid_argument.LIBCPMT ref: 6D374DE5
                                                                                                                                            • Part of subcall function 6D374D90: _memmove.LIBCMT ref: 6D374E4D
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                                          • String ID: string too long
                                                                                                                                          • API String ID: 2168136238-2556327735
                                                                                                                                          • Opcode ID: c899721171c4dec73cb87a1929a4685812420a91822529f3c104ee4ce20be56a
                                                                                                                                          • Instruction ID: 867c3146c37d693436cd57a59bc7d0f277e8ce989f89cb8e749514c6ec4b70e0
                                                                                                                                          • Opcode Fuzzy Hash: c899721171c4dec73cb87a1929a4685812420a91822529f3c104ee4ce20be56a
                                                                                                                                          • Instruction Fuzzy Hash: 98311A33310A108BD334DE5CE88097EF7EAEFD9620B21852FE595C7A41C735B84487A9
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A6A34
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw
                                                                                                                                          • String ID: : this object does't support a special last block$t@m$D?m
                                                                                                                                          • API String ID: 2005118841-3285088912
                                                                                                                                          • Opcode ID: c0519f224df94438d8eb51803156f1f8279a7c00c3057bfb1ae0732dba141bb0
                                                                                                                                          • Instruction ID: 9429b101cd2223bc40443b5df10895e71b66ac95b96fddd84c5d110fbd8a0bb1
                                                                                                                                          • Opcode Fuzzy Hash: c0519f224df94438d8eb51803156f1f8279a7c00c3057bfb1ae0732dba141bb0
                                                                                                                                          • Instruction Fuzzy Hash: C04148752087809FD324DF28C881F6BBBE4BF9D258F108A2DF59993351DB34A905CB96
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D37211F
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D374067
                                                                                                                                            • Part of subcall function 6D374010: _memmove.LIBCMT ref: 6D3740C8
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3721BF
                                                                                                                                          Strings
                                                                                                                                          • PK_MessageAccumulator: TruncatedFinal() should not be called, xrefs: 6D37215D
                                                                                                                                          • PK_MessageAccumulator: DigestSize() should not be called, xrefs: 6D3720BD
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                                                                                          • String ID: PK_MessageAccumulator: DigestSize() should not be called$PK_MessageAccumulator: TruncatedFinal() should not be called
                                                                                                                                          • API String ID: 1902190269-1268710280
                                                                                                                                          • Opcode ID: 8fcd7c91bf208219a4572c7c9c6f9dbbb1a319b32fdbf74c4b705c7e40558d4a
                                                                                                                                          • Instruction ID: 8178f48190f2a701835aaa5a4291c33e9f928f77ffb50028ef98aad4b79f6877
                                                                                                                                          • Opcode Fuzzy Hash: 8fcd7c91bf208219a4572c7c9c6f9dbbb1a319b32fdbf74c4b705c7e40558d4a
                                                                                                                                          • Instruction Fuzzy Hash: 4D411DB1C0428CEADB10DFE9D890AEDFBB8AB19354F108269E521A7691DB745A08CB54
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3748E9
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3748FE
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                            • Part of subcall function 6D3749C0: std::exception::exception.LIBCMT ref: 6D3749EF
                                                                                                                                            • Part of subcall function 6D3749C0: __CxxThrowException@8.LIBCMT ref: 6D374A04
                                                                                                                                          • _memmove.LIBCMT ref: 6D374945
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_memmovestd::exception::_
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 163498487-3383511498
                                                                                                                                          • Opcode ID: d1313fc33b0446a21161824963ad72a3b668750681b99ea7154c8458b44ee781
                                                                                                                                          • Instruction ID: 327ea480746536b018d6f659b6fa13ea32fe193471cefafeb15421593ed6ec35
                                                                                                                                          • Opcode Fuzzy Hash: d1313fc33b0446a21161824963ad72a3b668750681b99ea7154c8458b44ee781
                                                                                                                                          • Instruction Fuzzy Hash: FE41F772D04609ABC714CF68C4906EEBBF4EB0D360F504229E86597780D375A940CBE1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D371DC9
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D374067
                                                                                                                                            • Part of subcall function 6D374010: _memmove.LIBCMT ref: 6D3740C8
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D371E74
                                                                                                                                          Strings
                                                                                                                                          • BufferedTransformation: this object is not attachable, xrefs: 6D371D67
                                                                                                                                          • CryptoMaterial: this object contains invalid values, xrefs: 6D371E16
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
                                                                                                                                          • String ID: BufferedTransformation: this object is not attachable$CryptoMaterial: this object contains invalid values
                                                                                                                                          • API String ID: 1902190269-3853263434
                                                                                                                                          • Opcode ID: 0fa71f28106e0caaf55e7e101105fb074973f303b37355bca3fea858f23d72f0
                                                                                                                                          • Instruction ID: 7c6e48a7984d6dc83afe6b922adc395e4cee73e0a93220564399a6a12be5c4c7
                                                                                                                                          • Opcode Fuzzy Hash: 0fa71f28106e0caaf55e7e101105fb074973f303b37355bca3fea858f23d72f0
                                                                                                                                          • Instruction Fuzzy Hash: BA413D71C0424CEEDB10DFE9D890AEEFBB8FB19354F108269E565A7291DB345A08CB54
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3CD820: _memmove.LIBCMT ref: 6D3CD930
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A761A
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
                                                                                                                                          • String ID: byte digest to $ bytes$HashTransformation: can't truncate a
                                                                                                                                          • API String ID: 39012651-1139078987
                                                                                                                                          • Opcode ID: e996f73d1153dead0a999af8cd0ce1f030eb3169b47330a97141d0d432ed6fd6
                                                                                                                                          • Instruction ID: ffbbcca7dbe1d6aa350fe3073f39236f14aace4d7fb79d1a3ccc569bf93d60d1
                                                                                                                                          • Opcode Fuzzy Hash: e996f73d1153dead0a999af8cd0ce1f030eb3169b47330a97141d0d432ed6fd6
                                                                                                                                          • Instruction Fuzzy Hash: C741707110C3C0AAD370CB54C945F9BBBE8AB99314F058A2DF2D993281DB75A5048BA7
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D3ABF2D
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                          • String ID: gfff$gfff$vector<T> too long
                                                                                                                                          • API String ID: 1823113695-3369487235
                                                                                                                                          • Opcode ID: e543a25b26f4fcb97e7c911741474b8c5f1029013e881023ef9806ff0c1fbaa4
                                                                                                                                          • Instruction ID: 7bf2c7e182510929199a3fc4b72346801a977245051076cc6fa61622f3661987
                                                                                                                                          • Opcode Fuzzy Hash: e543a25b26f4fcb97e7c911741474b8c5f1029013e881023ef9806ff0c1fbaa4
                                                                                                                                          • Instruction Fuzzy Hash: 7931C8B2A046099FC718CF59DC80E6AF7B9EB88300F14862DE9599B780D731B900CBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • QueryPerformanceCounter.KERNEL32(2D641B6B,2D641B6B,?,00000000), ref: 6D3D8F7F
                                                                                                                                          • GetLastError.KERNEL32(0000000A,?,00000000), ref: 6D3D8F8F
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D9014
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          • Timer: QueryPerformanceCounter failed with error , xrefs: 6D3D8FA5
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CounterErrorExceptionException@8LastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
                                                                                                                                          • String ID: Timer: QueryPerformanceCounter failed with error
                                                                                                                                          • API String ID: 1823523280-4075696077
                                                                                                                                          • Opcode ID: e07989eb75b89396f03d85b0c7be1c1e93de67c1eeccb669d3f59c1c10a5c4f7
                                                                                                                                          • Instruction ID: 647196bddbc001cabbe63d4860cbf85c9f1151a5d44a17c2ba1fc1b648274907
                                                                                                                                          • Opcode Fuzzy Hash: e07989eb75b89396f03d85b0c7be1c1e93de67c1eeccb669d3f59c1c10a5c4f7
                                                                                                                                          • Instruction Fuzzy Hash: 6F212FB250C384AFD310DF24D841F6BB7E8FB9D658F404A1DF5A993281DB7595048BA3
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • QueryPerformanceFrequency.KERNEL32(2D641B6B,2D641B6B), ref: 6D3D8E7F
                                                                                                                                          • GetLastError.KERNEL32(0000000A), ref: 6D3D8E8F
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D8F14
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          • Timer: QueryPerformanceFrequency failed with error , xrefs: 6D3D8EA5
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorExceptionException@8FrequencyLastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
                                                                                                                                          • String ID: Timer: QueryPerformanceFrequency failed with error
                                                                                                                                          • API String ID: 2175244869-348333943
                                                                                                                                          • Opcode ID: c070b5652853d9a896f5fcf73afd4327a64d94e6dcd6e265d196070844d9d1fb
                                                                                                                                          • Instruction ID: 461c76b3c953ad5c4290ac97d10dc4d963fd37fd61a55a3f5bb53beda31b0b72
                                                                                                                                          • Opcode Fuzzy Hash: c070b5652853d9a896f5fcf73afd4327a64d94e6dcd6e265d196070844d9d1fb
                                                                                                                                          • Instruction Fuzzy Hash: 76213DB250C380AFD310DF24D841FABB7E8FB89254F404A1DF5A983281DB75D9048BA3
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A6518
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A6558
                                                                                                                                          Strings
                                                                                                                                          • Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 6D3A64E7
                                                                                                                                          • Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 6D3A6527
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                          • String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
                                                                                                                                          • API String ID: 3476068407-3345525433
                                                                                                                                          • Opcode ID: d89359b4db7e683799f4111c579152f97d4e49c506b4accd55b626a54e8db559
                                                                                                                                          • Instruction ID: f7250c4994ac36008a8753b6bda4191179c1d1bfbe48e3d3b27e55093ccf072c
                                                                                                                                          • Opcode Fuzzy Hash: d89359b4db7e683799f4111c579152f97d4e49c506b4accd55b626a54e8db559
                                                                                                                                          • Instruction Fuzzy Hash: A621087210CB809FD330DF64C941FABB3E8EB45208F418A2DE6C583141EB399404CEA7
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • UnmapViewOfFile.KERNEL32(?,?,00000000,6D37FA73,?,2D641B6B), ref: 6D37FE2D
                                                                                                                                          • CloseHandle.KERNEL32(?,?,00000000,6D37FA73,?,2D641B6B), ref: 6D37FE43
                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,00000000,6D37FA73,?,2D641B6B), ref: 6D37FE4E
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CloseHandle$FileUnmapView
                                                                                                                                          • String ID: .#v
                                                                                                                                          • API String ID: 260491571-507759092
                                                                                                                                          • Opcode ID: a70be08995ca41c04612b0e1ac6e5e053ce456483beb53ae689b08bb39375d9a
                                                                                                                                          • Instruction ID: b1f16aa413f278468f1f3d53823538b093f7a97a894f00a58cc6485a8495583a
                                                                                                                                          • Opcode Fuzzy Hash: a70be08995ca41c04612b0e1ac6e5e053ce456483beb53ae689b08bb39375d9a
                                                                                                                                          • Instruction Fuzzy Hash: D90128B1A88E025ED7308B75D841BA773B9BB86320F1D981AD48543912D33ED881DA18
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D3AC14E
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
                                                                                                                                          • String ID: gfff$gfff$vector<T> too long
                                                                                                                                          • API String ID: 1823113695-3369487235
                                                                                                                                          • Opcode ID: b40e51d77866d6f7668c6f4866dc49602c451f9e8944b5efa3987031883ec510
                                                                                                                                          • Instruction ID: 5e2e63fa5723614bd3ebc3ed7a84a87b9ffc4cb7d0454c753c9c75144b77d6c7
                                                                                                                                          • Opcode Fuzzy Hash: b40e51d77866d6f7668c6f4866dc49602c451f9e8944b5efa3987031883ec510
                                                                                                                                          • Instruction Fuzzy Hash: C801AD77F140291F8311993FFD4044AFA8BAAC429431DCA3AE608DF349E531DC0287D2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D385173
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          • _memmove.LIBCMT ref: 6D38519E
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                          • String ID: n/:m$vector<T> too long
                                                                                                                                          • API String ID: 1785806476-26639677
                                                                                                                                          • Opcode ID: 246b91cc6d925258fecd1e24a5a2ae8c419136e0ae6b42d5d117de26c873e932
                                                                                                                                          • Instruction ID: 93f72604824ca4343ebffb9eb7b20ceddca0c63b0cf4b685e22cdb0bbcb4e528
                                                                                                                                          • Opcode Fuzzy Hash: 246b91cc6d925258fecd1e24a5a2ae8c419136e0ae6b42d5d117de26c873e932
                                                                                                                                          • Instruction Fuzzy Hash: 0101A2B26042069FDB28CFA8CCA1C7BB3E8EB54215715892DE99BC3741E771F800CB61
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D395932
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D395947
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m$0B?m
                                                                                                                                          • API String ID: 4063778783-2506672065
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D383216
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38322B
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m$0B?m
                                                                                                                                          • API String ID: 4063778783-2506672065
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memmove$Exception@8Throw
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2655171816-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$Clear$Init
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3740757921-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6D39C478
                                                                                                                                          • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6D39C488
                                                                                                                                          • SafeArrayGetElement.OLEAUT32(?,00000001,?), ref: 6D39C4B4
                                                                                                                                          • SafeArrayDestroy.OLEAUT32(?), ref: 6D39C512
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Bound$DestroyElement
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3987547017-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(6D3F02A0), ref: 6D39B5D5
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D39B5E2
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D39B685
                                                                                                                                          • VariantClear.OLEAUT32(6D3F02A0), ref: 6D39B68B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$ClearInit
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2610073882-0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6D3E88FD
                                                                                                                                          • __isleadbyte_l.LIBCMT ref: 6D3E8930
                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?), ref: 6D3E8961
                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?), ref: 6D3E89CF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3058430110-0
                                                                                                                                          • Opcode ID: b1044711e47ef4872849dc33bec044831c08f8561c12041bf3999e785286df80
                                                                                                                                          • Instruction ID: 882116d1d7e4a97ccbb62847ebb90f33fa16e4778115858bf4cadb7563885c0d
                                                                                                                                          • Opcode Fuzzy Hash: b1044711e47ef4872849dc33bec044831c08f8561c12041bf3999e785286df80
                                                                                                                                          • Instruction Fuzzy Hash: C231AF31E1426AEFDB01CFA8C881ABD3BB4BF41390F15856AF5A4AB1E0D332D940DB51
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • _malloc.LIBCMT ref: 6D3E2653
                                                                                                                                            • Part of subcall function 6D3D9D66: __FF_MSGBANNER.LIBCMT ref: 6D3D9D7F
                                                                                                                                            • Part of subcall function 6D3D9D66: __NMSG_WRITE.LIBCMT ref: 6D3D9D86
                                                                                                                                            • Part of subcall function 6D3D9D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6D3D9BD4,6D371290,2D641B6B), ref: 6D3D9DAB
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocateHeap_malloc
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 501242067-0
                                                                                                                                          • Opcode ID: 17d2f342d1e8f8818bbf39fc279588564f4bbc25eb0a40d8f755e9ee19b54703
                                                                                                                                          • Instruction ID: b25a5d922fc66acb35ec120a6a90b532a4e5bfa12e5c9d8512a26d8278f8b9e6
                                                                                                                                          • Opcode Fuzzy Hash: 17d2f342d1e8f8818bbf39fc279588564f4bbc25eb0a40d8f755e9ee19b54703
                                                                                                                                          • Instruction Fuzzy Hash: 9E11EB3744972BABCF311F34BD0476D37A8AB463E0B158627F684961D0DB71C9418F64
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3A4410: _malloc.LIBCMT ref: 6D3A446E
                                                                                                                                          • SafeArrayCreateVector.OLEAUT32(00000011,00000000,?), ref: 6D387287
                                                                                                                                          • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6D38729B
                                                                                                                                          • _memmove.LIBCMT ref: 6D3872AF
                                                                                                                                          • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6D3872B8
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ArraySafe$Data$AccessCreateUnaccessVector_malloc_memmove
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 583974297-0
                                                                                                                                          • Opcode ID: fe5c309326f9913f5c6204ed217d7e382edd18e40005b72270eaa2c6223c5d12
                                                                                                                                          • Instruction ID: 68b7395bf965f62077afe5dd2e3643c327a126ab0e87dd43d852c08a42204398
                                                                                                                                          • Opcode Fuzzy Hash: fe5c309326f9913f5c6204ed217d7e382edd18e40005b72270eaa2c6223c5d12
                                                                                                                                          • Instruction Fuzzy Hash: D6115EB2A00119BBCB04DFA5DC80EDFBB7DEBD9694B018269F90497201D7759A05CBE0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 6D395AB9
                                                                                                                                          • VariantCopy.OLEAUT32(?,6D409C90), ref: 6D395AC1
                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 6D395AE2
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D395AEF
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$ClearCopyException@8InitThrow
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3826472263-0
                                                                                                                                          • Opcode ID: 37e24d2a200ed7fd7f579a0e6214fcdd338d9d3391a3193ebe993d8a6f42faae
                                                                                                                                          • Instruction ID: 5c3f72cc0aeedb75e5ac50f88677f526419baa830971b4f6bd6fdade77b3ee62
                                                                                                                                          • Opcode Fuzzy Hash: 37e24d2a200ed7fd7f579a0e6214fcdd338d9d3391a3193ebe993d8a6f42faae
                                                                                                                                          • Instruction Fuzzy Hash: 6211D072904669BFCB01DF98C884AAEBB78EB45624F11812AE924A7340D7756E44CBE4
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3016257755-0
                                                                                                                                          • Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                                                                                          • Instruction ID: 32305435e843b78b9eeda76e8cae6c4bb7701228a139dfe6c4f38d7a54b28f13
                                                                                                                                          • Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
                                                                                                                                          • Instruction Fuzzy Hash: 0D117B3240415EBBCF524E86DC51CEE3F26BB19394B498516FE68590B0CB37C6B2AB81
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3C1200: _memcpy_s.LIBCMT ref: 6D3C12DD
                                                                                                                                            • Part of subcall function 6D3C2080: __CxxThrowException@8.LIBCMT ref: 6D3C2183
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3C9BA3
                                                                                                                                          Strings
                                                                                                                                          • hM?m, xrefs: 6D3C9882
                                                                                                                                          • InvertibleRSAFunction: computational error during private key operation, xrefs: 6D3C9B08
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw$_memcpy_s
                                                                                                                                          • String ID: InvertibleRSAFunction: computational error during private key operation$hM?m
                                                                                                                                          • API String ID: 4047871975-2458958988
                                                                                                                                          • Opcode ID: 67e6172b155fff95e126a1399107b682891e474177bdc41852373b1f2400c301
                                                                                                                                          • Instruction ID: fba8b737efa0ab1631a53d756329efda3b81cfd72d3831de39a9e1d8bb29fd96
                                                                                                                                          • Opcode Fuzzy Hash: 67e6172b155fff95e126a1399107b682891e474177bdc41852373b1f2400c301
                                                                                                                                          • Instruction Fuzzy Hash: 79C17F7550C3849FD334CB64C840BDBB7E8AF99308F05892DE6D993281DB75A908CBA3
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memmove_memset
                                                                                                                                          • String ID: EncodingParameters
                                                                                                                                          • API String ID: 3555123492-55378216
                                                                                                                                          • Opcode ID: 2722d210449a4ce4bb16d473dd173a0457a4d5a8a93abd261c826df917e5d63a
                                                                                                                                          • Instruction ID: 77ae41f94683245066e166d2eb0e429141efc9cdef6f5b02fcdf2469acf606be
                                                                                                                                          • Opcode Fuzzy Hash: 2722d210449a4ce4bb16d473dd173a0457a4d5a8a93abd261c826df917e5d63a
                                                                                                                                          • Instruction Fuzzy Hash: CB6111B52083419FD344CF68C880A2AFBE9BFC9754F148A1DF59987391D7B0E941CBA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D374175
                                                                                                                                          • _memmove.LIBCMT ref: 6D3741C6
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Xinvalid_argumentstd::_$_memmove
                                                                                                                                          • String ID: string too long
                                                                                                                                          • API String ID: 2168136238-2556327735
                                                                                                                                          • Opcode ID: a4c69b34b2a2b7f06d847cbfcf7d9bac0ac5a03b8a32d7df370a8eca6dd870f6
                                                                                                                                          • Instruction ID: 6c1bdd112ac8d525b1b15d5c5d46f8fe406ab663762b8a1a23390149fc9e9580
                                                                                                                                          • Opcode Fuzzy Hash: a4c69b34b2a2b7f06d847cbfcf7d9bac0ac5a03b8a32d7df370a8eca6dd870f6
                                                                                                                                          • Instruction Fuzzy Hash: 6431C732314A149BD331AE5CEC80A6AF7EDEBB9664B20491FE591C7640C765FC40C7A5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D395488
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39549F
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          • Opcode ID: 1e71d2cd41a5af806d6645036d3e27c100dc43622216339821638244f01cfe04
                                                                                                                                          • Instruction ID: 465afdcbf896f14bef9b11bbc918d5ca2b55ded0be1d5d81019179dca420c7a2
                                                                                                                                          • Opcode Fuzzy Hash: 1e71d2cd41a5af806d6645036d3e27c100dc43622216339821638244f01cfe04
                                                                                                                                          • Instruction Fuzzy Hash: F4316E715087059FC744DF28C8819AAB7F4FF89714F508A6EF5958B350E731EA06CB92
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D395581
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D395598
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          • Opcode ID: 6433b34d0203c484701cf2a05e6cb3831f1b2a6ee2a655650da7ea0ac2cb3f6a
                                                                                                                                          • Instruction ID: 0a825517b88b4bf3a63ae19448dff092c9675d3ad9d42c6da544781def61f600
                                                                                                                                          • Opcode Fuzzy Hash: 6433b34d0203c484701cf2a05e6cb3831f1b2a6ee2a655650da7ea0ac2cb3f6a
                                                                                                                                          • Instruction Fuzzy Hash: C73181725082099FC744CF58D881DABB7F9FF89324F01866EF5558B251E730EA05CBA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3AC39B
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw
                                                                                                                                          • String ID: gfff$gfff
                                                                                                                                          • API String ID: 2005118841-3084402119
                                                                                                                                          • Opcode ID: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
                                                                                                                                          • Instruction ID: 77f11e331e268cd6bf4ce1034ef5f3b159507ae546a9c927f1f65573c2fdeddd
                                                                                                                                          • Opcode Fuzzy Hash: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
                                                                                                                                          • Instruction Fuzzy Hash: 45316175A0420EAFDB14CF98ED80EBEB7B9EF84314F44811CE9559B284D770BA05CBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D37194F
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D37198E
                                                                                                                                            • Part of subcall function 6D3D95C1: std::exception::operator=.LIBCMT ref: 6D3D95DA
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D374067
                                                                                                                                            • Part of subcall function 6D374010: _memmove.LIBCMT ref: 6D3740C8
                                                                                                                                          Strings
                                                                                                                                          • Clone() is not implemented yet., xrefs: 6D3718ED
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
                                                                                                                                          • String ID: Clone() is not implemented yet.
                                                                                                                                          • API String ID: 2192554526-226299721
                                                                                                                                          • Opcode ID: becfc78cefc19d2c337feb6554c51bd50170d12f901f9c21e0beb997238383c8
                                                                                                                                          • Instruction ID: 328e0c5138d9bd9d70513d8e3705016215caf08d14cd915cf122f81383733b2f
                                                                                                                                          • Opcode Fuzzy Hash: becfc78cefc19d2c337feb6554c51bd50170d12f901f9c21e0beb997238383c8
                                                                                                                                          • Instruction Fuzzy Hash: A4316DB180424CBFDB10CF98D840BAEFBB8FB09324F10862EE521A7781D775A905CB94
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A5657
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          • StringStore: missing InputBuffer argument, xrefs: 6D3A55E0
                                                                                                                                          • InputBuffer, xrefs: 6D3A55BF
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                                                                          • String ID: InputBuffer$StringStore: missing InputBuffer argument
                                                                                                                                          • API String ID: 3718517217-2380213735
                                                                                                                                          • Opcode ID: 33380492d4a7dfb957b2de993ce5fab3f9532da4c8e243c44bbd22c2b9fc43eb
                                                                                                                                          • Instruction ID: 0d44410eb1d0abb7bcc60714f62244204427810de93584f07b158e9c4d924f8d
                                                                                                                                          • Opcode Fuzzy Hash: 33380492d4a7dfb957b2de993ce5fab3f9532da4c8e243c44bbd22c2b9fc43eb
                                                                                                                                          • Instruction Fuzzy Hash: CE4145B150C7819FC320CF29C490A6BFBE0BB99714F448A2EF5E983391DB759908CB52
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D371F36
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D371F6E
                                                                                                                                            • Part of subcall function 6D3D95C1: std::exception::operator=.LIBCMT ref: 6D3D95DA
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D374067
                                                                                                                                            • Part of subcall function 6D374010: _memmove.LIBCMT ref: 6D3740C8
                                                                                                                                          Strings
                                                                                                                                          • CryptoMaterial: this object does not support precomputation, xrefs: 6D371ED4
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
                                                                                                                                          • String ID: CryptoMaterial: this object does not support precomputation
                                                                                                                                          • API String ID: 2192554526-3625584042
                                                                                                                                          • Opcode ID: dbc6f2f9bee3c2747cb0911de848e24e9d35acdd33247dfe9262b2e9a3fbeca2
                                                                                                                                          • Instruction ID: 3621b3fb1c265d1ae0e8443656378000751c22c797671b74b76771a98d5c23bc
                                                                                                                                          • Opcode Fuzzy Hash: dbc6f2f9bee3c2747cb0911de848e24e9d35acdd33247dfe9262b2e9a3fbeca2
                                                                                                                                          • Instruction Fuzzy Hash: 12318FB1804248EFCB10DF98D840BAEFBB8FB09324F10862EE520A7781D775A905CB94
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D383327
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D38336B
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throwstd::exception::exception$ExceptionRaiseXinvalid_argumentstd::_
                                                                                                                                          • String ID: vector<T> too long
                                                                                                                                          • API String ID: 1735018483-3788999226
                                                                                                                                          • Opcode ID: a834bfc708a7f7fe85f725c0587de305e062af6b89dac2bd6bf3c386800736b2
                                                                                                                                          • Instruction ID: 8a89d059fddd68cd66c3c165398a5f096f7e5383db788f5153dda5565ee70246
                                                                                                                                          • Opcode Fuzzy Hash: a834bfc708a7f7fe85f725c0587de305e062af6b89dac2bd6bf3c386800736b2
                                                                                                                                          • Instruction Fuzzy Hash: 3731E072A042099FCB14DF98DC81F7AB7B1EB09314F158239E9269B391DB71AD00CBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D39D861
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39D878
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          • Opcode ID: bfebec3d214004828019f35c0e0aeb8da6ca10e66d2c4d04e2784832ac1834d5
                                                                                                                                          • Instruction ID: fe6ad2fbe86757d62565874541e2ae7dc36d655a96ad6690e24f14c0b6fdbfe7
                                                                                                                                          • Opcode Fuzzy Hash: bfebec3d214004828019f35c0e0aeb8da6ca10e66d2c4d04e2784832ac1834d5
                                                                                                                                          • Instruction Fuzzy Hash: A6317A715082459FC744CF18D88196AB7E4FF89324F418A6EF5958B6A0EB30E905CBA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D39584D
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          • VariantClear.OLEAUT32(00000000), ref: 6D395899
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$ClearException@8ThrowVariantXinvalid_argumentstd::_
                                                                                                                                          • String ID: vector<T> too long
                                                                                                                                          • API String ID: 2677079660-3788999226
                                                                                                                                          • Opcode ID: 2bf7df24601bd95072ff038d49c14033dbbb72d37e679e72a06aaddccf777c18
                                                                                                                                          • Instruction ID: c1f77e4822e0c686f72ae3ede1df70027f9b4e4b30c8cd9f7305f8c0edbfcedf
                                                                                                                                          • Opcode Fuzzy Hash: 2bf7df24601bd95072ff038d49c14033dbbb72d37e679e72a06aaddccf777c18
                                                                                                                                          • Instruction Fuzzy Hash: A0218372A046099FD710CF6CD881A7EB7F9FF48324F65862EE565D7740E731A9408B90
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D38576B
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D385782
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
                                                                                                                                          • String ID: string too long
                                                                                                                                          • API String ID: 963545896-2556327735
                                                                                                                                          • Opcode ID: 9bbbd7a9782cda6ab35933cb1e2d6377acaab02243016a1a362bb5d8e25dfeb1
                                                                                                                                          • Instruction ID: 34277c86e2132d127ecf93756d12c5a166a594ca3c1fefb14578d5342b7ff0f6
                                                                                                                                          • Opcode Fuzzy Hash: 9bbbd7a9782cda6ab35933cb1e2d6377acaab02243016a1a362bb5d8e25dfeb1
                                                                                                                                          • Instruction Fuzzy Hash: F111D3337086149FD3219A5CEC90A7AF3EDEF95620F61462FF5A3C7642C772A80487A1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D3746C4
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          • _memmove.LIBCMT ref: 6D37470B
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                          • String ID: string too long
                                                                                                                                          • API String ID: 1785806476-2556327735
                                                                                                                                          • Opcode ID: 7dfdb32ff9271c272ff3f564e045153080d8354b15664cd6042b8db94b53bce5
                                                                                                                                          • Instruction ID: c369532b5087ffd4db8f84362d0423c8afb832c5220f1bf3a9459dd9a6b25a9c
                                                                                                                                          • Opcode Fuzzy Hash: 7dfdb32ff9271c272ff3f564e045153080d8354b15664cd6042b8db94b53bce5
                                                                                                                                          • Instruction Fuzzy Hash: 8F113B32118B505FE7309D7CACC0A7EB7A8AF5A314F204A2ED5E783581D766F4488765
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A4E00
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          • ArraySink: missing OutputBuffer argument, xrefs: 6D3A4D91
                                                                                                                                          • OutputBuffer, xrefs: 6D3A4D77
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                                                                          • String ID: ArraySink: missing OutputBuffer argument$OutputBuffer
                                                                                                                                          • API String ID: 3718517217-3781944848
                                                                                                                                          • Opcode ID: c327ac57f513d27d6eae552f9c7bc6550d1b26839bfb5bcc670a06b879454149
                                                                                                                                          • Instruction ID: 1a1c11e66004fe28933d6069a30371d036e9b18232ea8b1be14e678d41134580
                                                                                                                                          • Opcode Fuzzy Hash: c327ac57f513d27d6eae552f9c7bc6550d1b26839bfb5bcc670a06b879454149
                                                                                                                                          • Instruction Fuzzy Hash: C03105B550C780AFC310CF68C880A6BFBF4BB99654F408A2EF5A583351DB75D908CB92
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3A6480: __CxxThrowException@8.LIBCMT ref: 6D3A6518
                                                                                                                                            • Part of subcall function 6D3A6480: __CxxThrowException@8.LIBCMT ref: 6D3A6558
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • _memset.LIBCMT ref: 6D3D0C4E
                                                                                                                                          • _memset.LIBCMT ref: 6D3D0C5D
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_memset$_malloc
                                                                                                                                          • String ID: @R?m
                                                                                                                                          • API String ID: 4112577501-3199552038
                                                                                                                                          • Opcode ID: c0381a1d6068fb6432c90b6863da103f2c7bb15eeb7535b681e31660f065bb09
                                                                                                                                          • Instruction ID: bada1fb3b3e5493b523ddbbbaf81dbb8430a14536571cd16d20a945f54e926ca
                                                                                                                                          • Opcode Fuzzy Hash: c0381a1d6068fb6432c90b6863da103f2c7bb15eeb7535b681e31660f065bb09
                                                                                                                                          • Instruction Fuzzy Hash: FE21F1B26087409FE314CF29C845B56BBE4FB84718F054A5DE58A8B781D7B8E404CBA6
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3D179E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D17B5
                                                                                                                                            • Part of subcall function 6D3D13A0: std::_Xinvalid_argument.LIBCPMT ref: 6D3D13BE
                                                                                                                                            • Part of subcall function 6D3D13A0: _memmove.LIBCMT ref: 6D3D1431
                                                                                                                                            • Part of subcall function 6D3D13A0: _memmove.LIBCMT ref: 6D3D1456
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memmove$Exception@8ThrowXinvalid_argumentstd::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2097953723-3383511498
                                                                                                                                          • Opcode ID: 4753d4d749b435c132794fc4f8151dcabfa306c324fa5fda12d1af0b8081f667
                                                                                                                                          • Instruction ID: ab656f78885baa651222254782648611941bc0d6042d7c591fd8b3e43c2e39e5
                                                                                                                                          • Opcode Fuzzy Hash: 4753d4d749b435c132794fc4f8151dcabfa306c324fa5fda12d1af0b8081f667
                                                                                                                                          • Instruction Fuzzy Hash: 66117C766087068BD360DF44D881B67B3E4FF64318F04893DD9AA87651D771E909CFA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D374010: std::_Xinvalid_argument.LIBCPMT ref: 6D37402A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D380201
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          • OutputStringPointer, xrefs: 6D38018C
                                                                                                                                          • StringSink: OutputStringPointer not specified, xrefs: 6D38019B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
                                                                                                                                          • String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
                                                                                                                                          • API String ID: 3718517217-1331214609
                                                                                                                                          • Opcode ID: 493d1eb1c8fd7342f08b79566f36ec894fd62a72b03ed5ec937adeb6111323b0
                                                                                                                                          • Instruction ID: 6927ab79700ca213d9796225d96d55cf37de10d0eabf9887e92a6a70bed8c6bf
                                                                                                                                          • Opcode Fuzzy Hash: 493d1eb1c8fd7342f08b79566f36ec894fd62a72b03ed5ec937adeb6111323b0
                                                                                                                                          • Instruction Fuzzy Hash: 07217FB1D0428CAFCB14DFD8D890BADFBB4EB18314F10826AE921A7282DB356904CB54
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3D1640
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D1657
                                                                                                                                            • Part of subcall function 6D3D1250: std::_Xinvalid_argument.LIBCPMT ref: 6D3D126E
                                                                                                                                            • Part of subcall function 6D3D1250: _memmove.LIBCMT ref: 6D3D12E0
                                                                                                                                            • Part of subcall function 6D3D1250: _memmove.LIBCMT ref: 6D3D1305
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memmove$Exception@8ThrowXinvalid_argumentstd::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2097953723-3383511498
                                                                                                                                          • Opcode ID: e51d831633d0641d0daab820cc4d1bef5bdab74899454e059515726a0f2b2992
                                                                                                                                          • Instruction ID: b142bba05db405a4f4255d249b3ca9b1b9468f4565e65ed295741a9c6931fb0e
                                                                                                                                          • Opcode Fuzzy Hash: e51d831633d0641d0daab820cc4d1bef5bdab74899454e059515726a0f2b2992
                                                                                                                                          • Instruction Fuzzy Hash: 4921AC7210870A9FD364DF45C841B62B3E5FF44304F04896CDAAA87681DB72F915CFA6
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3D184F
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D1866
                                                                                                                                            • Part of subcall function 6D3D13A0: std::_Xinvalid_argument.LIBCPMT ref: 6D3D13BE
                                                                                                                                            • Part of subcall function 6D3D13A0: _memmove.LIBCMT ref: 6D3D1431
                                                                                                                                            • Part of subcall function 6D3D13A0: _memmove.LIBCMT ref: 6D3D1456
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memmove$Exception@8ThrowXinvalid_argumentstd::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2097953723-3383511498
                                                                                                                                          • Opcode ID: c1f49e84a88878a6edb893f1a158add2e3a3e6233683a0a0867995e140d81205
                                                                                                                                          • Instruction ID: e6449e731f94172e6ac2e9d13fd76deed1c781ca919809ee84b662f16a40af52
                                                                                                                                          • Opcode Fuzzy Hash: c1f49e84a88878a6edb893f1a158add2e3a3e6233683a0a0867995e140d81205
                                                                                                                                          • Instruction Fuzzy Hash: 37119A76604B068FD360CF18C881B67B3F5FB94704F14892CD9A683641D771E809CEA2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D383BA9
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D383BBE
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 757275642-3383511498
                                                                                                                                          • Opcode ID: 7a247a4776b42e4cb2266767e797e9be3fd2f47be40a40a632b04644ff526e37
                                                                                                                                          • Instruction ID: 71cde4a7e44a995c6442ea8422f7d6dba6797387b6ddea3b2cba20519e58aa55
                                                                                                                                          • Opcode Fuzzy Hash: 7a247a4776b42e4cb2266767e797e9be3fd2f47be40a40a632b04644ff526e37
                                                                                                                                          • Instruction Fuzzy Hash: 021136B59042089FCB04CF99D894AAEB7F8BF48310F1185AEE91997351D770AA04CBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D383C49
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D383C5E
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 757275642-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3D16F3
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D170A
                                                                                                                                            • Part of subcall function 6D3D1250: std::_Xinvalid_argument.LIBCPMT ref: 6D3D126E
                                                                                                                                            • Part of subcall function 6D3D1250: _memmove.LIBCMT ref: 6D3D12E0
                                                                                                                                            • Part of subcall function 6D3D1250: _memmove.LIBCMT ref: 6D3D1305
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: _memmove$Exception@8ThrowXinvalid_argumentstd::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2097953723-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3898A6
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3898BB
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D374636
                                                                                                                                            • Part of subcall function 6D3D9125: std::exception::exception.LIBCMT ref: 6D3D913A
                                                                                                                                            • Part of subcall function 6D3D9125: __CxxThrowException@8.LIBCMT ref: 6D3D914F
                                                                                                                                            • Part of subcall function 6D3D9125: std::exception::exception.LIBCMT ref: 6D3D9160
                                                                                                                                          • _memmove.LIBCMT ref: 6D37466F
                                                                                                                                          Strings
                                                                                                                                          • invalid string position, xrefs: 6D374631
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                          • String ID: invalid string position
                                                                                                                                          • API String ID: 1785806476-1799206989
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D395A55
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D395A6A
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 757275642-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3959A6
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3959BB
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D39DC16
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39DC2B
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • type_info::operator!=.LIBCMT ref: 6D3AACF8
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: type_info::operator!=
                                                                                                                                          • String ID: Modulus$PublicExponent
                                                                                                                                          • API String ID: 2241493438-3324115277
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • type_info::operator!=.LIBCMT ref: 6D3CB848
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: type_info::operator!=
                                                                                                                                          • String ID: Modulus$PublicExponent
                                                                                                                                          • API String ID: 2241493438-3324115277
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3DADFC: __aligned_offset_malloc.LIBCMT ref: 6D3DAE09
                                                                                                                                            • Part of subcall function 6D3D91F6: std::_Lockit::_Lockit.LIBCPMT ref: 6D3D9202
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3A8E98
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A8EAF
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8LockitLockit::_Throw__aligned_offset_mallocstd::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2477145047-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D3AB605
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          • _memmove.LIBCMT ref: 6D3AB634
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                          • String ID: vector<T> too long
                                                                                                                                          • API String ID: 1785806476-3788999226
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D388449
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38845E
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          • Opcode ID: fbf1fdb3805d03e2913fc86e66c23c8194cc7f9c49a4b76dd4532b623422b054
                                                                                                                                          • Instruction ID: 4fae1fa8db546337deb373b2e4959ed443f9ac23d7c5182c4897f6ba17f5f89c
                                                                                                                                          • Opcode Fuzzy Hash: fbf1fdb3805d03e2913fc86e66c23c8194cc7f9c49a4b76dd4532b623422b054
                                                                                                                                          • Instruction Fuzzy Hash: 7301C875904208AFC708DF54D490CAAB7B5EF98300B51C1BDD95A4B751DB31EA05CF91
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D3D4241
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D4277
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                          • String ID: vector<bool> too long
                                                                                                                                          • API String ID: 1785806476-842332957
                                                                                                                                          • Opcode ID: 89a423ff3c793b135b410a8a9b641f45c1b431aedac5262834485b49141382b1
                                                                                                                                          • Instruction ID: b09f45010162ecca7bdbececea37c78fcfb80a90125fbdd46a268f2eb1edc64f
                                                                                                                                          • Opcode Fuzzy Hash: 89a423ff3c793b135b410a8a9b641f45c1b431aedac5262834485b49141382b1
                                                                                                                                          • Instruction Fuzzy Hash: C301F773A041055BC754CFA9DCD18BEF3A9FB84394F51422AE51687644E735A905CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 6D3D3855
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D90ED
                                                                                                                                            • Part of subcall function 6D3D90D8: __CxxThrowException@8.LIBCMT ref: 6D3D9102
                                                                                                                                            • Part of subcall function 6D3D90D8: std::exception::exception.LIBCMT ref: 6D3D9113
                                                                                                                                          • _memmove.LIBCMT ref: 6D3D3880
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
                                                                                                                                          • String ID: vector<T> too long
                                                                                                                                          • API String ID: 1785806476-3788999226
                                                                                                                                          • Opcode ID: a296e38e45b7f91ee990a0428fb6b39a8f55e0fbaf150d3aa9e3f5e03b73e2c8
                                                                                                                                          • Instruction ID: 96e0064b74333f73bb9e349cc18727e6d4940f7b5df07fb6291374d9aead70f1
                                                                                                                                          • Opcode Fuzzy Hash: a296e38e45b7f91ee990a0428fb6b39a8f55e0fbaf150d3aa9e3f5e03b73e2c8
                                                                                                                                          • Instruction Fuzzy Hash: 29018FB25047099FD324DFA9DC94C6BB3E8EF442107258A3DE5AAD3650EA70FC048F60
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D395CC8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D395CDD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: ef4936d984193cbb16e4b4d2343e26cbc857238b2394ac427703864274c504be
                                                                                                                                          • Instruction ID: 080f3a3793640d16c9912b37afa84d89c9963eacd7be830ae7849553abc8d37f
                                                                                                                                          • Opcode Fuzzy Hash: ef4936d984193cbb16e4b4d2343e26cbc857238b2394ac427703864274c504be
                                                                                                                                          • Instruction Fuzzy Hash: 980108B69047049FC318DF59D541D96BBF4BF58310B11C6AAD8498B321E730EA45CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D39DF18
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39DF2D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 20d1b6e4411197fea3624d35b04c026d03f8e5d14b127de6b717451ded4723ce
                                                                                                                                          • Instruction ID: f4dec1586d5517b028cf946d985cd0f0e3b28a78824c7048e9d375d2051b0b48
                                                                                                                                          • Opcode Fuzzy Hash: 20d1b6e4411197fea3624d35b04c026d03f8e5d14b127de6b717451ded4723ce
                                                                                                                                          • Instruction Fuzzy Hash: 22011AB69147049FD718CF59D441C97BBF4AF58350B12C2AAD84A8B725E730EA05CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D395D58
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D395D6D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D39DE18
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39DE2D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D395C48
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D395C5D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D39DFC8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39DFDD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D389BB8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D389BCD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3DABC3: __getptd.LIBCMT ref: 6D3DABC9
                                                                                                                                            • Part of subcall function 6D3DABC3: __getptd.LIBCMT ref: 6D3DABD9
                                                                                                                                          • __getptd.LIBCMT ref: 6D3DBFC3
                                                                                                                                            • Part of subcall function 6D3DEAE6: __getptd_noexit.LIBCMT ref: 6D3DEAE9
                                                                                                                                            • Part of subcall function 6D3DEAE6: __amsg_exit.LIBCMT ref: 6D3DEAF6
                                                                                                                                          • __getptd.LIBCMT ref: 6D3DBFD1
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                          • String ID: csm
                                                                                                                                          • API String ID: 803148776-1018135373
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D386998
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3869AD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384B98
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D384BAD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384A58
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D384A6D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3A4298
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A42AD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384C38
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D384C4D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 9c1753b9eedfe18a28ec55ced343b7c26a449dd6cbefee2c39e60f9919ab3623
                                                                                                                                          • Instruction ID: 7331ee5ce3e831c3726c3e5a5a9c4f59fbfc9c5538411c541680b1861c84532a
                                                                                                                                          • Opcode Fuzzy Hash: 9c1753b9eedfe18a28ec55ced343b7c26a449dd6cbefee2c39e60f9919ab3623
                                                                                                                                          • Instruction Fuzzy Hash: 51F06DB2904208AFC704DF99D445D9ABBF8AF18350B01C1BED95997221EB70EA00CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384878
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38488D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 0bbec39f7a3ccf34cf81ef33d4b92a06225a01825030f13fd92949af37bad230
                                                                                                                                          • Instruction ID: 61cd813ad20bd6e0ed721afe7db6cd0eb5efe9ea7fe39341964854f0629b249d
                                                                                                                                          • Opcode Fuzzy Hash: 0bbec39f7a3ccf34cf81ef33d4b92a06225a01825030f13fd92949af37bad230
                                                                                                                                          • Instruction Fuzzy Hash: BBF06272904609AFC704DF95D441D9ABBF8AF18350B01C1BAD94997211EB71EA00CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D386A68
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D386A7D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: f2fc3fb1cb8b0bc225a7c98a7492887f0ed681c5c95fde9f46b371d43483a20d
                                                                                                                                          • Instruction ID: efc84d7a4931eab790df6af0dfc2d32745ceaee590d7d68d20fbc2bd6ab97b8d
                                                                                                                                          • Opcode Fuzzy Hash: f2fc3fb1cb8b0bc225a7c98a7492887f0ed681c5c95fde9f46b371d43483a20d
                                                                                                                                          • Instruction Fuzzy Hash: 15F06DB2914208AFC744DF99D442D9ABBF8AF18354B01C1BADD4997221FB70EA00CFE1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384AF8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D384B0D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 13b4080e38bb61acd2f199683a9d258ed224eae22deb7a5d4ac5687f8230dc8d
                                                                                                                                          • Instruction ID: c1ee2f4953628d4bd00db05577725ed20f5c04cfbd8f7989bcb0b7114791f782
                                                                                                                                          • Opcode Fuzzy Hash: 13b4080e38bb61acd2f199683a9d258ed224eae22deb7a5d4ac5687f8230dc8d
                                                                                                                                          • Instruction Fuzzy Hash: 9AF06272914208AFC704DF95D441D9AB7F8EF18350B01C17AD94A97211FB70E900CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384568
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38457D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 235d494a13a8acbc8375e710ed3c2f8500d7be8ad1b30e1633df3f9cf956188e
                                                                                                                                          • Instruction ID: aee8b94860a6245802382bebd8d2b49543419f7105f2ea921ed54b551825c26f
                                                                                                                                          • Opcode Fuzzy Hash: 235d494a13a8acbc8375e710ed3c2f8500d7be8ad1b30e1633df3f9cf956188e
                                                                                                                                          • Instruction Fuzzy Hash: 3FF06272904209AFC704DF99D441D9BBBF8AF18354B01C17AE94A97211EB71EA00CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384428
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38443D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: d9058459eb96c91524abc698fee20d487b40105addac1a7146a7a61ff3d80007
                                                                                                                                          • Instruction ID: 753bacc7edb4fc62479d9531d005309d6f2a9a4184b92a60a14d33fba4ad3211
                                                                                                                                          • Opcode Fuzzy Hash: d9058459eb96c91524abc698fee20d487b40105addac1a7146a7a61ff3d80007
                                                                                                                                          • Instruction Fuzzy Hash: E8F09672904209AFC704DF95D441D9BB7F8EF18350B01C17AD9499B711EB71EA00CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3844C8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3844DD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 54f5dcc6fbfa313f23d2227a141507cc1dcd1de119e05b225178ffe63afb42ef
                                                                                                                                          • Instruction ID: d77eed4fafe82e1a3f0f2e2e04c6e70cde9fbab67e68d9cf60079e26fada3ff9
                                                                                                                                          • Opcode Fuzzy Hash: 54f5dcc6fbfa313f23d2227a141507cc1dcd1de119e05b225178ffe63afb42ef
                                                                                                                                          • Instruction Fuzzy Hash: 35F06276904208AFC704DF95D441D9BB7F8AF18350B01C17AD94997621EB71E900CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3847A8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3847BD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 5ef0fdd123daea54a8f64eb96892e7690ce73cbe1c47082b7661ccf876dac19f
                                                                                                                                          • Instruction ID: 508d4bde0a29a045e507993c139c9ad9dd8f420669e2d00c02df493219cfd9b5
                                                                                                                                          • Opcode Fuzzy Hash: 5ef0fdd123daea54a8f64eb96892e7690ce73cbe1c47082b7661ccf876dac19f
                                                                                                                                          • Instruction Fuzzy Hash: 71F04F76D04208AFD704DF95D841D9AB7F8AF18350F01C17AE95997211EB71E900CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3A4368
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A437D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: b10f99dc3e9352ca4283015891a121b2e467f0fbbedc72cc8cc4980a6a07c493
                                                                                                                                          • Instruction ID: c6d47cc53b317741501f7a577a82313dbbca0c0f053d537f97a437d0365afa4d
                                                                                                                                          • Opcode Fuzzy Hash: b10f99dc3e9352ca4283015891a121b2e467f0fbbedc72cc8cc4980a6a07c493
                                                                                                                                          • Instruction Fuzzy Hash: F2F06DB2904208AFC704DF99D841D9ABBF8EF18354B05C1BAD94997260EB70EA00CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D395B49
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D395B5E
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 508210697d3a1e6b31906d38618052191a41c9162be2358d1dc1e53ff51bf101
                                                                                                                                          • Instruction ID: 39db06bf451049d4a49c9db5fd6946e92b270276efa25309aed744e9ccae7171
                                                                                                                                          • Opcode Fuzzy Hash: 508210697d3a1e6b31906d38618052191a41c9162be2358d1dc1e53ff51bf101
                                                                                                                                          • Instruction Fuzzy Hash: CDF0B4B3D0410C6AD700EF95E841DDB7BB8AB15354F058179ED09AB140FB719A08CBE1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3A3078
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A308D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: d013af90d9b476c50fb4db632b242156007d3c2831345618474282b9c118a4a4
                                                                                                                                          • Instruction ID: ad3fbb3b11f9f1258acf5c88e05059de0592be2a376aa7d1c5cc66be6d4005f5
                                                                                                                                          • Opcode Fuzzy Hash: d013af90d9b476c50fb4db632b242156007d3c2831345618474282b9c118a4a4
                                                                                                                                          • Instruction Fuzzy Hash: CEF06276904208AFC704DF95D445D9AB7F8EF18354B05C17AD94A97310EB71EA00CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384CD8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D384CED
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: c347ef4106ccd75566bc056e718796eba5ae2787176670c8372a1c461ce8e220
                                                                                                                                          • Instruction ID: 3713a96ea1ecabaa95c948057342d6828462ea2b3c7c37e9cef490f5fbaaeeb7
                                                                                                                                          • Opcode Fuzzy Hash: c347ef4106ccd75566bc056e718796eba5ae2787176670c8372a1c461ce8e220
                                                                                                                                          • Instruction Fuzzy Hash: 18F03072904209AFD704DF99E541D9A77FCAF18344F01C17AD94997251EB71AA00CBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3849A8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3849BD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: e9db3617885248a8c5998c4c5d094e9acb8a83c36e801a1b0a5b25811be4dbd5
                                                                                                                                          • Instruction ID: 117e5687fbc23eb4d519e250214e4bb6def6cdc4210d4d0bbcb49b029c3a190b
                                                                                                                                          • Opcode Fuzzy Hash: e9db3617885248a8c5998c4c5d094e9acb8a83c36e801a1b0a5b25811be4dbd5
                                                                                                                                          • Instruction Fuzzy Hash: C5F05472D04209AFD704DF95D441D9A77F8AF19344F01C27AD94997251EB71EA00CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3868D8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3868ED
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 619e7d42fa32ce6906ad08e6ce1db591e74eec14da2e67486e5bfe1d43685001
                                                                                                                                          • Instruction ID: ca46a5c553fe6b38ef90e84002dd37dab03b55ade4526b84b9d080a2dd6a0951
                                                                                                                                          • Opcode Fuzzy Hash: 619e7d42fa32ce6906ad08e6ce1db591e74eec14da2e67486e5bfe1d43685001
                                                                                                                                          • Instruction Fuzzy Hash: E2F09072914309AFD304DF98E452D9A7BF8AF14340B01C17AD94997211EB30EA00CFE1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384608
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38461D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 64885a38ca9a69f87b1b44a3cb83fa934f92703bfe8b39eb3af84305c8eff770
                                                                                                                                          • Instruction ID: d5ff96eba641747e83ecd6a8eac1372e43c7737335349efea3578b824542856c
                                                                                                                                          • Opcode Fuzzy Hash: 64885a38ca9a69f87b1b44a3cb83fa934f92703bfe8b39eb3af84305c8eff770
                                                                                                                                          • Instruction Fuzzy Hash: 4DF09072804208ABD304DF94D851D9A77F8AF18340F01C17AD94A97211EB31AA00CBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D386818
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38682D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 6550fa60605e67a17f9e9c2df23b1d14418da1fd488be2defd13acd7b7536a3e
                                                                                                                                          • Instruction ID: 4912af7720c5a3e2f7a33c5772af258dd910d9d7796bc06c91c423983016bf45
                                                                                                                                          • Opcode Fuzzy Hash: 6550fa60605e67a17f9e9c2df23b1d14418da1fd488be2defd13acd7b7536a3e
                                                                                                                                          • Instruction Fuzzy Hash: A9F09072814208AFD704DF94D552D9A77F8AF54344F01C17AD94D97211EB30EA00CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384718
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38472D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 3e535986f5eebc8335653f5c29d14fce42241980fb45829906ee5d383bf8a214
                                                                                                                                          • Instruction ID: 52591b5fe7b7cf7a45321edab46bc6b900cc3804c6d519fd2c2b38ca9bff69b0
                                                                                                                                          • Opcode Fuzzy Hash: 3e535986f5eebc8335653f5c29d14fce42241980fb45829906ee5d383bf8a214
                                                                                                                                          • Instruction Fuzzy Hash: 2AF09072C04209AFD304DF94D841D9A77F8AF19340F41C17AE9499B211FB31AA00CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3A41D8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A41ED
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 90370f0ff749fcf59ae88d690adf6fbc35667e5bf95248d1b8b5352e56d228b3
                                                                                                                                          • Instruction ID: e869745b8f6c1c4278fa8a044de25fa26dcc1bdc63605d21f353c5638d22be5d
                                                                                                                                          • Opcode Fuzzy Hash: 90370f0ff749fcf59ae88d690adf6fbc35667e5bf95248d1b8b5352e56d228b3
                                                                                                                                          • Instruction Fuzzy Hash: 7AF03072904209ABD704DF99D841D9A77F8EF19344B05C17AD94997251EB71AA00CBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384388
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38439D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 42439f09456bfe3dc0bc3bbc75deefdc695c37a8928481fa54b2ecf7cf0e72c7
                                                                                                                                          • Instruction ID: 1493a8b8d50b75b6e4cbac839f4bf191e6c771f3ab19ccc0c690b1b21de426bc
                                                                                                                                          • Opcode Fuzzy Hash: 42439f09456bfe3dc0bc3bbc75deefdc695c37a8928481fa54b2ecf7cf0e72c7
                                                                                                                                          • Instruction Fuzzy Hash: E3F0B472804208AFD304DF95D841D9B77F8AF18340F01C17AD94997311EB71EA00CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384268
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38427D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 0df378a3173fdf104d65a8574a80437e552b3a39797994a43998f628bec017ed
                                                                                                                                          • Instruction ID: 1db7242079a416a2129d7a81f193a7f622d95aa4d8f98d52e875d546614b5f01
                                                                                                                                          • Opcode Fuzzy Hash: 0df378a3173fdf104d65a8574a80437e552b3a39797994a43998f628bec017ed
                                                                                                                                          • Instruction Fuzzy Hash: CFF03072908209ABD704DF99D841D9AB7FCAF18344F01C17AD94997251EB71AA00CBA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3842F8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38430D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 18766d06c758c03edf02fbdf2897631f29c428cb50e428283e3e479a09473ef2
                                                                                                                                          • Instruction ID: 03daf8618053cd074f5df3588ce7b59a1cde5cadaf382d435b94d1361e61fb9a
                                                                                                                                          • Opcode Fuzzy Hash: 18766d06c758c03edf02fbdf2897631f29c428cb50e428283e3e479a09473ef2
                                                                                                                                          • Instruction Fuzzy Hash: 00F05472904209AFD704DF95D941D9A77F8AF18344F01C17AE949A7251FB71EA10CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D39DD78
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39DD8D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 315448610862c8365fb76145ad574ca18ac5aa8287c2e1c097301749df8c9303
                                                                                                                                          • Instruction ID: 008f4bd477071da08ed0e443dc94ef0d748fbb7e0090ac72346a0f5a94ebbf28
                                                                                                                                          • Opcode Fuzzy Hash: 315448610862c8365fb76145ad574ca18ac5aa8287c2e1c097301749df8c9303
                                                                                                                                          • Instruction Fuzzy Hash: B3F054B2905209AFD704DF95E442D9A7BF8AF15344F01C17AD94A9B250FB71EA00CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D395BD8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D395BED
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 8c5e328c198a37c134eac811873f790edf6895ad9e9ae56bfc40ce3d6f6570b9
                                                                                                                                          • Instruction ID: f5f411be4e2fd60762d2435c41f1ea8300ec558b0629d1540b767753ec61e78d
                                                                                                                                          • Opcode Fuzzy Hash: 8c5e328c198a37c134eac811873f790edf6895ad9e9ae56bfc40ce3d6f6570b9
                                                                                                                                          • Instruction Fuzzy Hash: 63F030B2904209ABD704DF99D841DAAB7F8AF14344F01C17AD9499B250FB71AA40CBA5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384D98
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D384DAD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 1df5a52c7bc764f98f47246d343139d835640b7bd1a4f05ba10dd91987d35f11
                                                                                                                                          • Instruction ID: 7acf57e01673c0345c9dcd57cb52a485a63769c6b87ce5f839beb958dfff3b41
                                                                                                                                          • Opcode Fuzzy Hash: 1df5a52c7bc764f98f47246d343139d835640b7bd1a4f05ba10dd91987d35f11
                                                                                                                                          • Instruction Fuzzy Hash: 80F08273814209ABD700DF98D805DDA77FCAF19344F41C17AE94597201EB709A048BE1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D38AE08
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38AE1D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: a734715d1e5db77a33e97a4083a74f83199e44c8abbba39bc6e01310c61efb69
                                                                                                                                          • Instruction ID: 4f190411f77c364b643947d53c8b68b632f6ab4f26e58079455c55608593475d
                                                                                                                                          • Opcode Fuzzy Hash: a734715d1e5db77a33e97a4083a74f83199e44c8abbba39bc6e01310c61efb69
                                                                                                                                          • Instruction Fuzzy Hash: F0F082728142086FD700DF98E801D9B77B8AF14344F05C17AE94597251EB70AA048BA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384E28
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D384E3D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: f9b918b80553d96ac0c8959c3fe84b048587f0741f5c396063a14d4f0900b721
                                                                                                                                          • Instruction ID: fc173b337fbdc7b69c7963281620fd8519325ea383ffd8ef57b76965b03c72af
                                                                                                                                          • Opcode Fuzzy Hash: f9b918b80553d96ac0c8959c3fe84b048587f0741f5c396063a14d4f0900b721
                                                                                                                                          • Instruction Fuzzy Hash: 55F0A7768182096AC701DF98E841DDB7BBC5F19344F05C1B9EA4597241EB71AA048BF2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D38AE78
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38AE8D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 00d75b49b1ccaf6655d1863828120d301d236345ac74bc5b742b57dfad41d85a
                                                                                                                                          • Instruction ID: 0564d84c4a08f44fb5b7c90aadd1ce274ccbccdaa2a30454ae5ad245638f7ef4
                                                                                                                                          • Opcode Fuzzy Hash: 00d75b49b1ccaf6655d1863828120d301d236345ac74bc5b742b57dfad41d85a
                                                                                                                                          • Instruction Fuzzy Hash: A2F082728083086BD700DF98D801D9B77B8AF14344F05C17AE94997241EB70AA048BE1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384EA8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D384EBD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: d37331c3458bc2f18161ae251cbac09a02e5eb9c49507e481ca107e50d419bc8
                                                                                                                                          • Instruction ID: d5b3045ca1a9351a6609788f2d528fb3b71465132f803c751515ad68d3792a99
                                                                                                                                          • Opcode Fuzzy Hash: d37331c3458bc2f18161ae251cbac09a02e5eb9c49507e481ca107e50d419bc8
                                                                                                                                          • Instruction Fuzzy Hash: F0F08272D142086BD700DF98D801DDB77BCAF18344F05C27AE94597241EB70AA048BA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D39E9A8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39E9BD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: b36fe27b137d5cd7c1559575c60e1f6cb31f3faa7b6f4d4ac37567cb13bcded9
                                                                                                                                          • Instruction ID: 8ac805abb925dd35e894c41870d711503cba0dbf1da86cacbe46a7a1a7278a91
                                                                                                                                          • Opcode Fuzzy Hash: b36fe27b137d5cd7c1559575c60e1f6cb31f3faa7b6f4d4ac37567cb13bcded9
                                                                                                                                          • Instruction Fuzzy Hash: 0BF027728082086AC300DFA8D801DDA7BB86F19344F00C1B9E9899B200FB709A048BF2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D39E878
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39E88D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: baaeb810fd62450519fc4bfc6b5ec1a4a206d1f4d3c75dd34b6e46258ad58104
                                                                                                                                          • Instruction ID: f4d31f9b41852e7c8bae3a1f273ab85187bd40b9754fd4557ea2734dfdb092de
                                                                                                                                          • Opcode Fuzzy Hash: baaeb810fd62450519fc4bfc6b5ec1a4a206d1f4d3c75dd34b6e46258ad58104
                                                                                                                                          • Instruction Fuzzy Hash: 7BF0A777C082096AD704DFD8E841DDA7FF86F19344F05C1B9E9899B251FB719A048BB2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D384918
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38492D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: c7fab467b20aa7b3f5047031bb537c200b2c86e41d359aa2c6b95d2549cde114
                                                                                                                                          • Instruction ID: af46d230b88a0d8650cc1e354265f1583d7188802ecf415f7edb25053fdf2ad1
                                                                                                                                          • Opcode Fuzzy Hash: c7fab467b20aa7b3f5047031bb537c200b2c86e41d359aa2c6b95d2549cde114
                                                                                                                                          • Instruction Fuzzy Hash: B2F082728042086BD700DF98D841D9B77BCAF59344F01C17AE94597201FB709A048FE1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D39E8F8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D39E90D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D386B38
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D386B4D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D38C448
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38C45D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D386768
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38677D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3841D8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3841ED
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D38C3C8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D38C3DD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: ff54fa71b3cbce01b8d34153e2e40df2aa831e99a9736f3fc023b6c47bf2420b
                                                                                                                                          • Instruction ID: 5238c768c1ec83cc27e2af1ccc970ebabe7b8ab13aee3b2f67869156d73c1275
                                                                                                                                          • Opcode Fuzzy Hash: ff54fa71b3cbce01b8d34153e2e40df2aa831e99a9736f3fc023b6c47bf2420b
                                                                                                                                          • Instruction Fuzzy Hash: DFF082768142086BDB00DF98D841D9A77B8AF14344F01C27AE94597241EB719A04CFA1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D375DB8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D375DCD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 4f26ec1eebe6c494da424dbf13fb9e2eca72acdfab5acc288b4d5f0364656923
                                                                                                                                          • Instruction ID: cb77d4b385ead078bb1d8a95eb08071b8baa88917f82b41369ae46b63360e295
                                                                                                                                          • Opcode Fuzzy Hash: 4f26ec1eebe6c494da424dbf13fb9e2eca72acdfab5acc288b4d5f0364656923
                                                                                                                                          • Instruction Fuzzy Hash: 85F08276808208ABD704DF98D8459AA77B8AF14344F01C17AE94597240FB719A14CBA5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D375C58
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D375C6D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 63149ccc0178cf92e91e9c7a87c967e0153b1a16f3285fee4bfa299ec8ec1b15
                                                                                                                                          • Instruction ID: fc821ceaff7b4ceb9536fbeecc3625ad17c3e8b8d2787c6a986a036ba97cc5fc
                                                                                                                                          • Opcode Fuzzy Hash: 63149ccc0178cf92e91e9c7a87c967e0153b1a16f3285fee4bfa299ec8ec1b15
                                                                                                                                          • Instruction Fuzzy Hash: DFF082B68042096BD704DF98D9419AB77B8AF15344F01C17AE94597210EB719A04CBA5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D375D08
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D375D1D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 764cc9be7136f7f578e7cbade00a0cd91f3dce8070a85fff13e17f78f81b7dbf
                                                                                                                                          • Instruction ID: 7eeb4c4425fb00c0bc66eaceb05fad33b402f181037508b0d69e2e1a82dbaa5f
                                                                                                                                          • Opcode Fuzzy Hash: 764cc9be7136f7f578e7cbade00a0cd91f3dce8070a85fff13e17f78f81b7dbf
                                                                                                                                          • Instruction Fuzzy Hash: 22F0827681420C6BD704DF98E8059AA77B8AF14344F01C17AE94597200FB71DA048BA5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3A1F48
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3A1F5D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 991d42b01ff5d68a1124017d3c9258a005933bfdeef26fee656b9be0f76b9fc7
                                                                                                                                          • Instruction ID: 9eeba3b0961ef295fdaf06909d2c3d821839f11b07f27e73e79e0b3fa8199971
                                                                                                                                          • Opcode Fuzzy Hash: 991d42b01ff5d68a1124017d3c9258a005933bfdeef26fee656b9be0f76b9fc7
                                                                                                                                          • Instruction Fuzzy Hash: D9F08273D182086BD700DF98D801D9A77BCEF15344F05C27AE94597200EB709A048BE1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D375FD8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D375FED
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D375E68
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D375E7D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D375F18
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D375F2D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D389A18
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D389A2D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D375BB8
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D375BCD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D389A98
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D389AAD
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 4e2cf52b9abe304bde309414455b1313d35e41ee9a59c2923e0cdfa73007b686
                                                                                                                                          • Instruction ID: e84163ead745f24ef8b0448f9fa77d7edcae84b0e097c766dcc572e5bfc724ae
                                                                                                                                          • Opcode Fuzzy Hash: 4e2cf52b9abe304bde309414455b1313d35e41ee9a59c2923e0cdfa73007b686
                                                                                                                                          • Instruction Fuzzy Hash: 9EF0A7768182096AC740DF98D841DDA7BBC5F25344F05C1BAED8597241FB71DA04CBF2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D389B18
                                                                                                                                            • Part of subcall function 6D3D9533: std::exception::_Copy_str.LIBCMT ref: 6D3D954E
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D389B2D
                                                                                                                                            • Part of subcall function 6D3DAC75: RaiseException.KERNEL32(?,?,6D3D9C34,2D641B6B,?,?,?,?,6D3D9C34,2D641B6B,6D409C90,6D41B974,2D641B6B), ref: 6D3DACB7
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 2299493649-3383511498
                                                                                                                                          • Opcode ID: 8ac34e9c45cf50580f879e9658cb5d148b9fc5ad4de0760746247b85e57e08c2
                                                                                                                                          • Instruction ID: 8da374d855620765542963434f2fd5208207b01b18811165d9ab497a11122f55
                                                                                                                                          • Opcode Fuzzy Hash: 8ac34e9c45cf50580f879e9658cb5d148b9fc5ad4de0760746247b85e57e08c2
                                                                                                                                          • Instruction Fuzzy Hash: D6F082B28042086BD700DF98D801D9B77F8AF58344F01C17AE94597201EBB09A048FB1
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3AAFE2
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3AAFF9
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          • Opcode ID: 0d995a6d300ad45ed905f7ec10502f0bf4779a0f84234cf8bc9260b568ca22fe
                                                                                                                                          • Instruction ID: 21018a0b09034fb4bb4101f45af63658741be38697ebb5289e7f08bfd32022d6
                                                                                                                                          • Opcode Fuzzy Hash: 0d995a6d300ad45ed905f7ec10502f0bf4779a0f84234cf8bc9260b568ca22fe
                                                                                                                                          • Instruction Fuzzy Hash: 3EF082B36083026BE348CFA4DD66B7FB3E4DB90604F08843C9545C1154FB39D548CA23
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3AAF7A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3AAF91
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          • Opcode ID: eb4ea853e662ed6ab366f5969ddbaa86bf9ca52affb306f2c0c4f8c9a44b90c4
                                                                                                                                          • Instruction ID: 45ff681cacee0651278e459ab67fd0c46b56fbf2d5ae25490fff244ad00748e2
                                                                                                                                          • Opcode Fuzzy Hash: eb4ea853e662ed6ab366f5969ddbaa86bf9ca52affb306f2c0c4f8c9a44b90c4
                                                                                                                                          • Instruction Fuzzy Hash: 47F030B3A083026AD348DFA4DD65E7BB3E4DF94645F09883CE58982140F775D6188923
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3749EF
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D374A04
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          • Opcode ID: 769d1da5820b5f643624fe9305c5f95fefb3e2066a2645da822f8a819011047b
                                                                                                                                          • Instruction ID: 5a68f144cb0da9a428714c5166fc4787111be77368ab290f81bf88f68d8af2a6
                                                                                                                                          • Opcode Fuzzy Hash: 769d1da5820b5f643624fe9305c5f95fefb3e2066a2645da822f8a819011047b
                                                                                                                                          • Instruction Fuzzy Hash: 47E0E572C0820D66CB94DFE4D862EAE73688F18354F00826CAD1582180FB35E2048AAA
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: NameName::
                                                                                                                                          • String ID: {flat}
                                                                                                                                          • API String ID: 1333004437-2606204563
                                                                                                                                          • Opcode ID: 6ec3e104dda88ac01a078c8b9f77f82a755447730ae2d6d7176bbac9d7f11daf
                                                                                                                                          • Instruction ID: ef9efeaddf9de4d1ef68946a7dfff6d84b7e4e7caa7fc8f903285ce4fca7d659
                                                                                                                                          • Opcode Fuzzy Hash: 6ec3e104dda88ac01a078c8b9f77f82a755447730ae2d6d7176bbac9d7f11daf
                                                                                                                                          • Instruction Fuzzy Hash: 42F0E5721442599FCB00CF58C851BB83BA0DBC23D7F08C082E95C0F2A6C772D842C755
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3D0E5A
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D0E71
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          • Opcode ID: fa8bd09dd31bd01018b9ec6aac719c5c8843f49a4293e54e44d251c15434b5d2
                                                                                                                                          • Instruction ID: 650b265363e2ea73d113a09f2e3bad49c7c72e591ae8c58029f247352fe28328
                                                                                                                                          • Opcode Fuzzy Hash: fa8bd09dd31bd01018b9ec6aac719c5c8843f49a4293e54e44d251c15434b5d2
                                                                                                                                          • Instruction Fuzzy Hash: E1E065B34087026AD384DFA1E565B6BB3E49F94B88F04892CE59942190F731D60CCD63
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3D3676
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3D368D
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          • Opcode ID: de6b21b3b71460b729bf9d11d8a7001329fe89b339be52aa3e454c97cfb7055c
                                                                                                                                          • Instruction ID: 1ff1df18adb7cf76eecaba79c8c12c0c58a35ce072179b6bf96a22a4261d2ce3
                                                                                                                                          • Opcode Fuzzy Hash: de6b21b3b71460b729bf9d11d8a7001329fe89b339be52aa3e454c97cfb7055c
                                                                                                                                          • Instruction Fuzzy Hash: 57E065B740830666D384DFA0D5A5E6BB3E4AF94748F14893CE59982190F731DA08CD73
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • std::exception::exception.LIBCMT ref: 6D3AB086
                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 6D3AB09D
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Exception@8Throw_mallocstd::exception::exception
                                                                                                                                          • String ID: 0B?m
                                                                                                                                          • API String ID: 4063778783-3383511498
                                                                                                                                          • Opcode ID: 244c34a387454471c2112719e16658d5b42a81d457e76371b1329e7a3de0a837
                                                                                                                                          • Instruction ID: 0e896e309faad91a40fd5515d5846772d22319e8d42a8bd1a4d3051b1805d003
                                                                                                                                          • Opcode Fuzzy Hash: 244c34a387454471c2112719e16658d5b42a81d457e76371b1329e7a3de0a837
                                                                                                                                          • Instruction Fuzzy Hash: 62E09BB250C3066AD348DFA0E565A7FB3E4DF54758F048D3CE69A81180E731D50CC923
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • VariantInit.OLEAUT32(00000000), ref: 6D38C4A4
                                                                                                                                          • VariantCopy.OLEAUT32(00000000,/59m), ref: 6D38C4AF
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Variant$CopyInit
                                                                                                                                          • String ID: /59m
                                                                                                                                          • API String ID: 4248132287-3325220688
                                                                                                                                          • Opcode ID: 391f52e6ef591e427038ddd98e133431fc9a89ad743f263da06cc21d8c71db27
                                                                                                                                          • Instruction ID: 7ff0fa9b3e3dddc3a2a73ad036b155529eaf8e9bbc48f33d36a3fd06dee0c61a
                                                                                                                                          • Opcode Fuzzy Hash: 391f52e6ef591e427038ddd98e133431fc9a89ad743f263da06cc21d8c71db27
                                                                                                                                          • Instruction Fuzzy Hash: 43D012752045187B56015AA5DD4CF9F7BACDF166813004021FA14C2300D738D550D6E5
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2100229242.0000000005050000.00000040.00000800.00020000.00000000.sdmp, Offset: 05050000, based on PE: false
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_5050000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: HERE$HERE$LOOK$LOOK
                                                                                                                                          • API String ID: 0-4238712050
                                                                                                                                          • Opcode ID: 067f4eb48508e45301138f330608eecec340f52397cb572cc6f79bf760fe896c
                                                                                                                                          • Instruction ID: 5a2f057f4760f0b54733b3c2606ab22886e03999015027c82ac9e09144ddb2b7
                                                                                                                                          • Opcode Fuzzy Hash: 067f4eb48508e45301138f330608eecec340f52397cb572cc6f79bf760fe896c
                                                                                                                                          • Instruction Fuzzy Hash: 36A18F74E002298FDB68DF68C994BEDB7F2AB48310F1481E9D549AB360DB709E81CF50
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32(?,2D641B6B), ref: 6D3876AD
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,2D641B6B), ref: 6D3876FF
                                                                                                                                          • EnterCriticalSection.KERNEL32(2D641B6B,?,?,?,2D641B6B), ref: 6D38770D
                                                                                                                                          • LeaveCriticalSection.KERNEL32(2D641B6B,?,00000000,?,?,?,?,2D641B6B), ref: 6D38772A
                                                                                                                                            • Part of subcall function 6D3D9BB5: _malloc.LIBCMT ref: 6D3D9BCF
                                                                                                                                            • Part of subcall function 6D386D40: _rand.LIBCMT ref: 6D386DEA
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$EnterLeave$_malloc_rand
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 119520971-0
                                                                                                                                          • Opcode ID: 4a632bc2c919e7345d42e990c5b5360e44aa107d6bf03b36cf2ce90c8fbf3b2f
                                                                                                                                          • Instruction ID: b45792694b66da528bc9f4d7b6086317792c6790d36a02447432e8794aad2154
                                                                                                                                          • Opcode Fuzzy Hash: 4a632bc2c919e7345d42e990c5b5360e44aa107d6bf03b36cf2ce90c8fbf3b2f
                                                                                                                                          • Instruction Fuzzy Hash: 372192B290460DABCB10DF54DC45FABB7BDFF45254F118629E91697240EB70AA05CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?), ref: 6D3895A9
                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 6D3895CA
                                                                                                                                          • EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6D3895DA
                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000000,?,?,?), ref: 6D3895FB
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.2101690400.000000006D371000.00000020.00000001.01000000.00000007.sdmp, Offset: 6D370000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.2101672910.000000006D370000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102174593.000000006D3F4000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102356662.000000006D40E000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102378626.000000006D410000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102418959.000000006D411000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102457180.000000006D413000.00000008.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41A000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102502327.000000006D41C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                          • Associated: 00000000.00000002.2102544772.000000006D41E000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_6d370000_file.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CriticalSection$EnterLeave
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3168844106-0
                                                                                                                                          • Opcode ID: 27e8b9f313bdc0157ca41f3c7f836150812eec2183bb90c010baebbe1002fc26
                                                                                                                                          • Instruction ID: 1c8379795712660e5fca2189a6d6059515ea5b763b0a0cff71b5decc837574a8
                                                                                                                                          • Opcode Fuzzy Hash: 27e8b9f313bdc0157ca41f3c7f836150812eec2183bb90c010baebbe1002fc26
                                                                                                                                          • Instruction Fuzzy Hash: AA116A72A0410DEFCB00CF99E981AAEF7B8FF55224B01819AE51697611D731EA51CBA0
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,?,?), ref: 00496324
                                                                                                                                          • GetPrivateProfileSectionNamesA.KERNEL32(?,00001000,?), ref: 00496422
                                                                                                                                          • GetPrivateProfileStringA.KERNEL32(?,?,00000000,?,00000104,?), ref: 00496618
                                                                                                                                          • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00498931
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.2251295820.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: PrivateProfile$FolderNamesPathSectionStringlstrlen
                                                                                                                                          • String ID: XO4$cannot use operator[] with a string argument with $cannot use push_back() with $t=X$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea
                                                                                                                                          • API String ID: 1311570089-2051512216
                                                                                                                                          • Opcode ID: e97f1ddc219b5363a198c8bf5c88435a854dcefefb64f42f5a462a708e53df24
                                                                                                                                          • Instruction ID: 989c5ec9f42cbe7ca7a52feb8d81081d67a447e65875f839a8485abaf18e9f24
                                                                                                                                          • Opcode Fuzzy Hash: e97f1ddc219b5363a198c8bf5c88435a854dcefefb64f42f5a462a708e53df24
                                                                                                                                          • Instruction Fuzzy Hash: 464310B0D052688BDB65CF28C884BEEBBB5AF49304F1082DAD449B7242DB756F84CF55
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                          • std::_Throw_Cpp_error.LIBCPMT ref: 004C4401
                                                                                                                                            • Part of subcall function 00432524: __EH_prolog3.LIBCMT ref: 00432560
                                                                                                                                          • std::_Throw_Cpp_error.LIBCPMT ref: 004C4412
                                                                                                                                            • Part of subcall function 004E4870: __fread_nolock.LIBCMT ref: 004E49B9
                                                                                                                                          • DeleteFileA.KERNELBASE(?), ref: 004C449B
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.2251295820.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Cpp_errorThrow_std::_$DeleteFileH_prolog3__fread_nolock
                                                                                                                                          • String ID: 2545$default$v<Ea$v<Ea
                                                                                                                                          • API String ID: 3880692912-3420055167
                                                                                                                                          • Opcode ID: fd1cf96b93702104be0c72e431aebce78ed1fccab690e3f1b0704ca3d22cc0db
                                                                                                                                          • Instruction ID: 95b4950bdd5e1400e1cd3017cd88cce8f5e7c8a1deebc7f26ec5e08fb5c12dfd
                                                                                                                                          • Opcode Fuzzy Hash: fd1cf96b93702104be0c72e431aebce78ed1fccab690e3f1b0704ca3d22cc0db
                                                                                                                                          • Instruction Fuzzy Hash: 0B32ABB4D00248CFDB04DFA8C955BAEBBB1BF58314F14815EE804BB392D778AA45CB95
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetTimeZoneInformation.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,0044D563,00000000,00000000,00000000), ref: 0044D422
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.2251295820.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InformationTimeZone
                                                                                                                                          • String ID: W. Europe Standard Time$W. Europe Summer Time
                                                                                                                                          • API String ID: 565725191-690618308
                                                                                                                                          • Opcode ID: 363b9ce52103427062cf832a0665327792340bf047436e944fc04ec637a842a6
                                                                                                                                          • Instruction ID: ae25d7ee15690dfd7bff3ec1aae16a2883b1440a20fadde6191e064dea2d3add
                                                                                                                                          • Opcode Fuzzy Hash: 363b9ce52103427062cf832a0665327792340bf047436e944fc04ec637a842a6
                                                                                                                                          • Instruction Fuzzy Hash: 0DC147B2E00215ABEB10AF65DC42AAF7BB9EF04714F54405BFD05EB290E7389E41C798
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          Control-flow Graph

                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 0040B8E0: CreateDirectoryA.KERNELBASE(?,00000000), ref: 0040BA08
                                                                                                                                          • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0045E192
                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,-0000004C), ref: 0045E322
                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,00000000,?,?,?,-0000004C), ref: 0045E415
                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,-0000004C), ref: 0045E50B
                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,-0000004C), ref: 0045E757
                                                                                                                                          • CreateDirectoryA.KERNELBASE(?,00000000), ref: 0045E8D5
                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,-0000004C), ref: 0045EA65
                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,00000000,?,?,?,-0000004C), ref: 0045EB58
                                                                                                                                            • Part of subcall function 004E4050: GetFileAttributesA.KERNELBASE(?,?,?,?), ref: 004E40AC
                                                                                                                                            • Part of subcall function 004E4050: GetLastError.KERNEL32(?,?,?), ref: 004E40B7
                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,-0000004C), ref: 0045EC4E
                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,-0000004C), ref: 0045EEA6
                                                                                                                                            • Part of subcall function 004D49B0: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,005580C7,000000FF), ref: 004D4A1C
                                                                                                                                            • Part of subcall function 004D49B0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 004D4A43
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.2251295820.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateDirectory$FolderPath$AttributesErrorFileLast
                                                                                                                                          • String ID: 4<Ea$4<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea$v<Ea
                                                                                                                                          • API String ID: 3066340180-3580313535
                                                                                                                                          • Opcode ID: 7aeaae947102790526ca7d049e91c7f38f4a3f09e9d81f199173f59ad2546fd9
                                                                                                                                          • Instruction ID: 187e135e02323edcdeb922b648b1eb369c74de067950045ae0ec8533c626b417
                                                                                                                                          • Opcode Fuzzy Hash: 7aeaae947102790526ca7d049e91c7f38f4a3f09e9d81f199173f59ad2546fd9
                                                                                                                                          • Instruction Fuzzy Hash: C69224B0D012A88BDB25DB65CC95BDDBBB4AF15304F0040EAD849B7282EB746F88DF55
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • GetFileAttributesA.KERNELBASE(?,?,?,?), ref: 004E40AC
                                                                                                                                          • GetLastError.KERNEL32(?,?,?), ref: 004E40B7
                                                                                                                                          • std::_Throw_Cpp_error.LIBCPMT ref: 004E40FF
                                                                                                                                          • std::_Throw_Cpp_error.LIBCPMT ref: 004E4110
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.2251295820.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Cpp_errorThrow_std::_$AttributesErrorFileLast
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 995686243-0
                                                                                                                                          • Opcode ID: e8bf5397469fc94873c39177f127d7faf261d8d09c74de234abcb1eaba5e95dd
                                                                                                                                          • Instruction ID: 75043ba52662ec8977f7939d5729658e1fd39462d7b35c10ac0d99f78a66cf9f
                                                                                                                                          • Opcode Fuzzy Hash: e8bf5397469fc94873c39177f127d7faf261d8d09c74de234abcb1eaba5e95dd
                                                                                                                                          • Instruction Fuzzy Hash: A61197704002809FCB205F2A9C4876A7B64A742736F24033BE925AB7D0DB2A4948875A
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000000,?,00451B36,?,00000000,?,?,00451DD7,?,00000007,?,?,004522CB,?,?), ref: 0044B022
                                                                                                                                          • GetLastError.KERNEL32(?,?,00451B36,?,00000000,?,?,00451DD7,?,00000007,?,?,004522CB,?,?), ref: 0044B02D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.2251295820.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorFreeHeapLast
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 485612231-0
                                                                                                                                          • Opcode ID: 8f5f5e5f3a4f419eb1531d4b84d5bddc6b9e4df0cc16ebfe6645941cf394f328
                                                                                                                                          • Instruction ID: 7db765718bf42b07c322887ba912f5a8b27e87250ffc8b5b2cb21e2ed262ed9f
                                                                                                                                          • Opcode Fuzzy Hash: 8f5f5e5f3a4f419eb1531d4b84d5bddc6b9e4df0cc16ebfe6645941cf394f328
                                                                                                                                          • Instruction Fuzzy Hash: 05E08C32100304ABEB212BA9EC0EB8E3B59EB1035AF15402AF60C97171DB3CC894D789
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 004032B8
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.2251295820.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Concurrency::cancel_current_task
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 118556049-0
                                                                                                                                          • Opcode ID: faeee87e9cb2928dc869deb2f29d792fd4066cc876aa1f3f7854db5bc02c9b52
                                                                                                                                          • Instruction ID: 37c687c9678b8c73a61ee687527e7bba20c19d30e347e4ee8b2af9c0fac152c5
                                                                                                                                          • Opcode Fuzzy Hash: faeee87e9cb2928dc869deb2f29d792fd4066cc876aa1f3f7854db5bc02c9b52
                                                                                                                                          • Instruction Fuzzy Hash: E741E471A00114DFCB04DF6CC985A6EBBB9EB88310F14426EE815EB3C5D778DE018B95
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • SetupDiGetClassDevsA.SETUPAPI(0055A560,00000000,00000000), ref: 004E30F7
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.2251295820.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ClassDevsSetup
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2330331845-0
                                                                                                                                          • Opcode ID: c84afb7f4c8d4b769b1168b0ed0b9b89cfa6dfd5a82f8d41cfd3b293bc0b4bb9
                                                                                                                                          • Instruction ID: 6c2783611b94fe593556f8fc60f2acba4739e4dcff4dff247b261f13deeaccf9
                                                                                                                                          • Opcode Fuzzy Hash: c84afb7f4c8d4b769b1168b0ed0b9b89cfa6dfd5a82f8d41cfd3b293bc0b4bb9
                                                                                                                                          • Instruction Fuzzy Hash: 2111A9B0904784ABE7209F29D91A717BBA4EB00B25F10472EE851573C1E7BA6A5887D2
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                          APIs
                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00434B2F,?,?,0045F2DF,00024FE9,?,00403522,?,?), ref: 0044B0B8
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.2251295820.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_400000_MSBuild.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                          • Opcode ID: 19c0200b13f16c63112227f2d9cdb9560f1756fe0696083341d4f2f1c48a95bc
                                                                                                                                          • Instruction ID: ec68fabac95604ed6c60c864153896eeaad2ecc76740a5c7eee0d32a05b4ec46
                                                                                                                                          • Opcode Fuzzy Hash: 19c0200b13f16c63112227f2d9cdb9560f1756fe0696083341d4f2f1c48a95bc
                                                                                                                                          • Instruction Fuzzy Hash: 97E065311016106BFB3527669C0475F3659EF513A6F150127FE25A72D1DB6CCC4092ED
                                                                                                                                          Uniqueness

                                                                                                                                          Uniqueness Score: -1.00%