Windows Analysis Report
libmmd.dll.dll

Overview

General Information

Sample name:libmmd.dll.dll
(renamed file extension from exe to dll)
Original sample name:libmmd.dll.exe
Analysis ID:1483413
MD5:19c31c58313c58fc88cf27e77befb0c3
SHA1:b0711e10ef98b86e76ad28665285598d8809ae36
SHA256:c2684b143c3417c588a3c0ae0a9c4329e71a04fc304aa3a69eae61ede1d0b290
Tags:exe
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found large amount of non-executed APIs
One or more processes crash
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info

Classification

  • System is w10x64
  • loaddll64.exe (PID: 6324 cmdline: loaddll64.exe "C:\Users\user\Desktop\libmmd.dll.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
    • conhost.exe (PID: 6372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 3084 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • rundll32.exe (PID: 5180 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
        • WerFault.exe (PID: 5220 cmdline: C:\Windows\system32\WerFault.exe -u -p 5180 -s 328 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • rundll32.exe (PID: 5572 cmdline: rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,_LIB_VERSIONIMF MD5: EF3179D498793BF4234F708D3BE28633)
      • WerFault.exe (PID: 1016 cmdline: C:\Windows\system32\WerFault.exe -u -p 5572 -s 328 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • rundll32.exe (PID: 7212 cmdline: rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acosdq MD5: EF3179D498793BF4234F708D3BE28633)
      • WerFault.exe (PID: 7248 cmdline: C:\Windows\system32\WerFault.exe -u -p 7212 -s 328 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • rundll32.exe (PID: 7360 cmdline: rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acoshq MD5: EF3179D498793BF4234F708D3BE28633)
      • WerFault.exe (PID: 7396 cmdline: C:\Windows\system32\WerFault.exe -u -p 7360 -s 320 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
    • rundll32.exe (PID: 7456 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",_LIB_VERSIONIMF MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7464 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",__acosdq MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7472 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",__acoshq MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7492 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynl MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7504 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynf16 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7512 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynf MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7520 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",yn MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7528 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1l MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7536 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1f16 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7544 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1f MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7552 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7560 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0l MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7568 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0f16 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7580 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0f MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7596 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7608 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncl MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7688 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncf16 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7708 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncf MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7724 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",trunc MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7740 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammal MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7768 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammaf16 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7784 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammaf MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7816 cmdline: rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgamma MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched
Timestamp:2024-07-27T11:34:16.927782+0200
SID:2022930
Source Port:443
Destination Port:49746
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:2024-07-27T11:34:54.490258+0200
SID:2022930
Source Port:443
Destination Port:49754
Protocol:TCP
Classtype:A Network Trojan was detected


AV Detection

Source: libmmd.dll.dll Virustotal: Detection: 59%
Source: libmmd.dll.dll ReversingLabs: Detection: 55%
Source: libmmd.dll.dll Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: libmmd.pdb source: loaddll64.exe, 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000003.00000002.1848304264.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1873710881.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.1885773523.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000D.00000002.1862393694.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000010.00000002.1747347794.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000011.00000002.1747087759.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000012.00000002.1750013302.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000013.00000002.1749039897.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.1749032696.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000015.00000002.1752058510.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000016.00000002.1751496469.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000017.00000002.1749543583.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000018.00000002.1749536241.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000019.00000002.1750742280.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001A.00000002.1752568515.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001B.00000002.1752624679.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.1754625176.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001D.00000002.1750788043.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001E.00000002.1748228081.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001F.00000002.1749140606.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000021.00000002.1755733861.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000022.00000002.1754466954.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000023.00000002.1752953424.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000024.00000002.1754615312.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000026.00000002.1755501845.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000027.00000002.1753539233.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000029.00000002.1755439685.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, libmmd.dll.dll
Source: libmmd.dll.dll String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: libmmd.dll.dll String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
Source: libmmd.dll.dll String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: libmmd.dll.dll String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: libmmd.dll.dll String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
Source: libmmd.dll.dll String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: libmmd.dll.dll String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: libmmd.dll.dll String found in binary or memory: http://ocsp.comodoca.com0
Source: libmmd.dll.dll String found in binary or memory: http://ocsp.sectigo.com0
Source: libmmd.dll.dll String found in binary or memory: http://ocsp.sectigo.com0.
Source: Amcache.hve.8.dr String found in binary or memory: http://upx.sf.net
Source: libmmd.dll.dll String found in binary or memory: https://sectigo.com/CPS0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB51F3D0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4C8BD0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B8BC0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB54C390
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB506360
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B3C30
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4CA450
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4D13F0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4EEC00
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4D8AB0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB54BAA0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB54D2A0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B4AD0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B52D0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B4AC0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4CAA80
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB553B40
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4CC330
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4CCB50
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB537B30
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4BCB40
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB591300
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4BBAE0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB504AE0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4E0B10
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4CD310
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B5300
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4C9300
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4C71B0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4EE1C0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB51E980
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB54A960
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB592170
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B4A50
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4DC250
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B9240
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB591A10
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB503A10
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4D0210
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4E1200
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B58B0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB527080
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB531890
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4EC930
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4F2130
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B6120
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB53A120
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB54B120
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B98F0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B60E0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B6110
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B6100
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB591FC0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B37A0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB502FD0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4ECFD0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4C0F60
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4D1760
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4FD030
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4BD020
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4CF7E0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4D5FE0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4DA010
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB505000
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4F16B0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4C9EB0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4D0EB0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB591EA0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB52F6B0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB51EEB0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB54D6B0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB5526B0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4EE6C0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4D0EC0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4ED670
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4F4690
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB512E70
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4D8E80
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B8F30
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4F0F10
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4CBF10
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4BB700
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4C7DA0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4F1DD0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB5915B0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4DE590
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B4630
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB58CE40
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4BA620
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB58FE20
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4D2650
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B4640
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4BE4B0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB54CCB0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4BC4C0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B9CC0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4C84F0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB592510
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4EDCE0
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4BDD10
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4C0510
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB504510
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB591FC0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB51F3D0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB502FD0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4ECFD0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4C8BD0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B8BC0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB54C390
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4C0F60
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB506360
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4D1760
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B3796
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B3C30
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4FD030
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4BD020
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4CA450
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4D13F0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4CF7E0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4D5FE0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4DA010
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB505000
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4EEC00
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4F16B0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4D8AB0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4C9EB0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4D0EB0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB54BAA0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB54D2A0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B52D0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B4AD0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB591EA0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB52F6B0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB51EEB0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB54D6B0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB5526B0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B4AC0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4EE6C0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4D0EC0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4ED670
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4F4690
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB512E70
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4D8E80
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4CAA80
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB553B40
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B8F30
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4CC330
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4CCB50
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB537B30
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4BCB40
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB591300
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4BBAE0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB504AE0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4F0F10
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4E0B10
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4CBF10
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4CD310
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4BB700
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B5300
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4C9300
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4C71B0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4C7DA0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4F1DD0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB5915B0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4EE1C0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB51E980
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB54A960
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4DE590
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB592170
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B4630
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB58CE40
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4BA620
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B4A50
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB58FE20
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4DC250
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4D2650
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B9240
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B4640
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB591A10
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB503A10
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4D0210
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4E1200
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4BE4B0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B58B0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB54CCB0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B9CC0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4BC4C0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB527080
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB531890
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4EC930
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4F2130
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B6120
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB53A120
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB54B120
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B98F0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4C84F0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B60E0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB592510
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4EDCE0
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4BDD10
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4C0510
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B6110
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB504510
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB4B6100
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB51F3D0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4C8BD0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4B8BC0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB54C390
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB506360
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4B3C30
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4CA450
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4D13F0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4EEC00
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4D8AB0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB54BAA0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB54D2A0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4B52D0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4B4AD0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4B4AC0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4CAA80
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB553B40
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4CC330
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4CCB50
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB537B30
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4BCB40
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB591300
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4BBAE0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB504AE0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4E0B10
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4CD310
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4B5300
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4C9300
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4C71B0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4EE1C0
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB51E980
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB54A960
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB592170
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4B4A50
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4DC250
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB4B9240
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB591A10
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB503A10
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4D021010_2_00007FFDFB4D0210
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4E120010_2_00007FFDFB4E1200
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4B58B010_2_00007FFDFB4B58B0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB52708010_2_00007FFDFB527080
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB53189010_2_00007FFDFB531890
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4EC93010_2_00007FFDFB4EC930
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4F213010_2_00007FFDFB4F2130
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4B612010_2_00007FFDFB4B6120
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB53A12010_2_00007FFDFB53A120
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB54B12010_2_00007FFDFB54B120
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4B98F010_2_00007FFDFB4B98F0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4B60E010_2_00007FFDFB4B60E0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4B611010_2_00007FFDFB4B6110
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4B610010_2_00007FFDFB4B6100
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB591FC010_2_00007FFDFB591FC0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4B37A010_2_00007FFDFB4B37A0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB502FD010_2_00007FFDFB502FD0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4ECFD010_2_00007FFDFB4ECFD0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4C0F6010_2_00007FFDFB4C0F60
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4D176010_2_00007FFDFB4D1760
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4FD03010_2_00007FFDFB4FD030
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4BD02010_2_00007FFDFB4BD020
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4CF7E010_2_00007FFDFB4CF7E0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4D5FE010_2_00007FFDFB4D5FE0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4DA01010_2_00007FFDFB4DA010
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB50500010_2_00007FFDFB505000
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4F16B010_2_00007FFDFB4F16B0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4C9EB010_2_00007FFDFB4C9EB0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4D0EB010_2_00007FFDFB4D0EB0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB591EA010_2_00007FFDFB591EA0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB52F6B010_2_00007FFDFB52F6B0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB51EEB010_2_00007FFDFB51EEB0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB54D6B010_2_00007FFDFB54D6B0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB5526B010_2_00007FFDFB5526B0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4EE6C010_2_00007FFDFB4EE6C0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4D0EC010_2_00007FFDFB4D0EC0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4ED67010_2_00007FFDFB4ED670
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4F469010_2_00007FFDFB4F4690
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB512E7010_2_00007FFDFB512E70
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4D8E8010_2_00007FFDFB4D8E80
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4B8F3010_2_00007FFDFB4B8F30
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4F0F1010_2_00007FFDFB4F0F10
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4CBF1010_2_00007FFDFB4CBF10
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4BB70010_2_00007FFDFB4BB700
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4C7DA010_2_00007FFDFB4C7DA0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4F1DD010_2_00007FFDFB4F1DD0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB5915B010_2_00007FFDFB5915B0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4DE59010_2_00007FFDFB4DE590
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4B463010_2_00007FFDFB4B4630
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB58CE4010_2_00007FFDFB58CE40
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4BA62010_2_00007FFDFB4BA620
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB58FE2010_2_00007FFDFB58FE20
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4D265010_2_00007FFDFB4D2650
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4B464010_2_00007FFDFB4B4640
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4BE4B010_2_00007FFDFB4BE4B0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB54CCB010_2_00007FFDFB54CCB0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4BC4C010_2_00007FFDFB4BC4C0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4B9CC010_2_00007FFDFB4B9CC0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4C84F010_2_00007FFDFB4C84F0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB59251010_2_00007FFDFB592510
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4EDCE010_2_00007FFDFB4EDCE0
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4BDD1010_2_00007FFDFB4BDD10
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB4C051010_2_00007FFDFB4C0510
Source: C:\Windows\System32\rundll32.exeCode function: 10_2_00007FFDFB50451010_2_00007FFDFB504510
Source: C:\Windows\System32\rundll32.exe; Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5572 -s 328
Source: libmmd.dll.dll; Static PE information: invalid certificate
Source: libmmd.dll.dll; Binary or memory string: OriginalFilenamelibmmd.dll` vs libmmd.dll.dll
Source: classification engine; Classification label: mal48.winDLL@126/17@0/0
Source: C:\Windows\System32\WerFault.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7360
Source: C:\Windows\System32\WerFault.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7212
Source: C:\Windows\System32\WerFault.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5572
Source: C:\Windows\System32\WerFault.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5180
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6372:120:WilError_03
Source: C:\Windows\System32\WerFault.exe; File created: C:\ProgramData\Microsoft\Windows\WER\Temp\08768608-d9f7-4341-905f-872fba1a7398
Source: libmmd.dll.dll; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll64.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,_LIB_VERSIONIMF
Source: libmmd.dll.dll; Virustotal: Detection: 59%
Source: libmmd.dll.dll; ReversingLabs: Detection: 55%
Source: unknown; Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\libmmd.dll.dll"
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,_LIB_VERSIONIMF
Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1
Source: C:\Windows\System32\rundll32.exe; Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5572 -s 328
Source: C:\Windows\System32\rundll32.exe; Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5180 -s 328
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acosdq
Source: C:\Windows\System32\rundll32.exe; Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7212 -s 328
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acoshq
Source: C:\Windows\System32\rundll32.exe; Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7360 -s 320
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",_LIB_VERSIONIMF
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",__acosdq
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",__acoshq
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynl
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynf16
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynf
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",yn
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1l
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1f16
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1f
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0l
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0f16
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0f
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncl
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncf16
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncf
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",trunc
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammal
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammaf16
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammaf
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgamma
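The process-creation evidence above is what loaddll64.exe does by design: it enumerates the DLL's exports and calls each one through a fresh rundll32.exe, and several of those calls crashed (WerFault.exe -u -p <pid>). Read as endpoint telemetry, the same lines are the classic pattern a detection engineer alerts on: rundll32 loading a DLL from a user-writable path, sometimes by ordinal (#1). The following Python is an added example written for this page, not Joe Sandbox code and not part of the report. It parses a constructed excerpt of the lines above (the report's own command lines in plain-text layout), pulls the DLL path and entry point out of both the quoted and the bare rundll32 command-line forms, flags user-writable locations and ordinal entries, and collects the PIDs that WerFault was launched for. The set of "user-writable" directories is an assumption to tune per estate.

```python
"""Read the report's "Process created" evidence as telemetry: which exports
loaddll64 exercised via rundll32, where the DLL lives, and which calls crashed."""
import re

# Constructed excerpt of the evidence lines above (same command lines, plain-text layout).
SAMPLE_LINES = r"""
Source: unknown; Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\libmmd.dll.dll"
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,_LIB_VERSIONIMF
Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1
Source: C:\Windows\System32\rundll32.exe; Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5572 -s 328
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acosdq
Source: C:\Windows\System32\rundll32.exe; Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7212 -s 328
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgamma
""".strip().splitlines()

LINE_RE = re.compile(r"^Source: (?P<parent>.+?); Process created: (?P<image>\S+) (?P<cmdline>.*)$")
# rundll32 accepts the DLL quoted or bare, followed by ",<export>" or ",#<ordinal>".
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<dll>[A-Za-z]:\\[^",]+)"?\s*,\s*(?P<entry>\S+)', re.I)
WER_RE = re.compile(r"WerFault\.exe\s+-u\s+-p\s+(?P<pid>\d+)", re.I)
# Assumed list of locations an unprivileged user can write to (tune per estate).
USER_WRITABLE_RE = re.compile(r"^[A-Za-z]:\\(Users|ProgramData|Windows\\Temp)\\", re.I)


def parse_events(lines):
    """Split each evidence line into parent image, created image and command line."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def triage_rundll32(lines):
    """Extract every rundll32 DLL,entry invocation and every WerFault crash-handler launch."""
    invocations, crashed_pids = [], []
    for ev in parse_events(lines):
        image = ev["image"].lower()
        if image.endswith("\\rundll32.exe"):
            m = RUNDLL_RE.search(ev["cmdline"])
            if not m:          # rundll32 started without a DLL,entry pair
                continue
            dll, entry = m.group("dll"), m.group("entry")
            invocations.append({
                "parent": ev["parent"],
                "dll": dll,
                "entry": entry,
                "ordinal": entry.startswith("#"),
                "user_writable_path": bool(USER_WRITABLE_RE.match(dll)),
            })
        elif image.endswith("\\werfault.exe"):
            m = WER_RE.search(ev["cmdline"])
            if m:
                crashed_pids.append(int(m.group("pid")))
    return {
        "invocations": invocations,
        "exports_called": [i["entry"] for i in invocations],
        "crashed_pids": crashed_pids,
        # Alert condition: rundll32 loading a DLL from a user-writable location.
        "alert": any(i["user_writable_path"] for i in invocations),
    }


if __name__ == "__main__":
    result = triage_rundll32(SAMPLE_LINES)
    for inv in result["invocations"]:
        print(f'{inv["parent"]:40} -> {inv["entry"]:18} {inv["dll"]}')
    print("crashed rundll32 PIDs:", result["crashed_pids"], "alert:", result["alert"])
```

The cmd.exe wrapper line is deliberately not counted as an invocation (its created image is cmd.exe, not rundll32.exe), so the ordinal call appears once, attributed to cmd.exe as its parent. In a sandbox this pattern is benign harness behaviour; on a workstation, rundll32 loading a DLL from a user profile directory by ordinal is worth an alert on its own, and a burst of WerFault launches for the same image is a second signal that the export was never meant to be called that way.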
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,_LIB_VERSIONIMF
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acosdq
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acoshq
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",_LIB_VERSIONIMF
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",__acosdq
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",__acoshq
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynl
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynf16
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynf
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",yn
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1l
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1f16
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1f
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0l
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0f16
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0f
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncl
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncf16
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncf
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",trunc
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammal
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammaf16
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammaf
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgamma
Source: C:\Windows\System32\loaddll64.exe; Process created: unknown unknown (41 identical entries)
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 5180 -s 328
Source: C:\Windows\System32\loaddll64.exe; Process created: unknown unknown (9 identical entries)
Source: C:\Windows\System32\loaddll64.exe; Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7212 -s 328
Source: C:\Windows\System32\loaddll64.exe; Process created: unknown unknown (12 identical entries)
Source: C:\Windows\System32\cmd.exe; Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1
Source: C:\Windows\System32\loaddll64.exe; Section loaded: apphelp.dll
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: libmmd.dll.dll; Static PE information: More than 1031 > 100 exports found
Source: libmmd.dll.dll; Static PE information: Virtual size of .text is bigger than: 0x100000
Source: libmmd.dll.dll; Static PE information: Image base 0x180000000 > 0x60000000
Source: libmmd.dll.dll; Static file information: File size 4148864 > 1048576
Source: libmmd.dll.dll; Static PE information: Raw size of .text is bigger than: 0x100000 < 0x186200
Source: libmmd.dll.dll; Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x1d4e00
Source: libmmd.dll.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: libmmd.dll.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: libmmd.dll.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: libmmd.dll.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: libmmd.dll.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: libmmd.dll.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: libmmd.dll.dll; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: libmmd.dll.dll; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: libmmd.pdb; source: loaddll64.exe, 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000003.00000002.1848304264.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.1873710881.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000A.00000002.1885773523.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000000D.00000002.1862393694.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000010.00000002.1747347794.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000011.00000002.1747087759.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000012.00000002.1750013302.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000013.00000002.1749039897.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000014.00000002.1749032696.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000015.00000002.1752058510.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000016.00000002.1751496469.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000017.00000002.1749543583.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000018.00000002.1749536241.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000019.00000002.1750742280.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001A.00000002.1752568515.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001B.00000002.1752624679.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001C.00000002.1754625176.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001D.00000002.1750788043.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001E.00000002.1748228081.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 0000001F.00000002.1749140606.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000021.00000002.1755733861.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000022.00000002.1754466954.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000023.00000002.1752953424.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000024.00000002.1754615312.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000026.00000002.1755501845.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000027.00000002.1753539233.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000029.00000002.1755439685.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp, libmmd.dll.dll
Source: libmmd.dll.dll; Static PE information: real checksum: 0x40421d should be: 0x40244a
Source: libmmd.dll.dll; Static PE information: section name: .trace
Source: libmmd.dll.dll; Static PE information: section name: _RDATA
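The static PE findings above (the checksum mismatch 0x40421d vs 0x40244a, ImageBase 0x180000000 above the sandbox's 0x60000000 threshold, HIGH_ENTROPY_VA/DYNAMIC_BASE/NX_COMPAT, and the non-standard section names .trace and _RDATA) can all be reproduced without a sandbox. The following Python is an added example written for this page, not Joe Sandbox code and not run against this sample: it implements the optional-header CheckSum algorithm that imagehlp uses, in the standard library only, and reads the handful of header fields the report's checks depend on. Because the sample is not available here, `build_sample_pe()` constructs a minimal synthetic PE32+ DLL that mirrors those findings so the script runs offline; the synthetic file, its `tamper` switch, and the list of "conventional" section names are all assumptions.

```python
"""Reproduce the report's static PE checks (checksum, image base, DLL flags,
section names) with the Python standard library only."""
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
DLL_FLAGS = {0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
             0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x1000: "APPCONTAINER", 0x4000: "GUARD_CF"}
# Assumed set of section names a linker normally emits; anything else is reported.
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".pdata", ".idata", ".edata", ".rsrc",
                     ".reloc", ".bss", ".tls", ".xdata", ".gfids", ".00cfg"}


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Optional-header CheckSum as imagehlp!CheckSumMappedFile computes it: a
    ones'-complement sum of every dword except the CheckSum field itself,
    folded to 16 bits, plus the file length."""
    padded = data + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total > 0xFFFFFFFF:                       # end-around carry at 32 bits
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)         # fold to 16 bits
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def inspect_pe(data: bytes) -> dict:
    """Parse just enough of the headers to reproduce the report's static findings."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections = struct.unpack_from("<HH", data, coff)
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:                                # PE32+: 8-byte ImageBase
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    elif magic == 0x10B:                              # PE32: 4-byte ImageBase after BaseOfData
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    checksum_off = opt + 64                           # same offset in PE32 and PE32+
    stored = struct.unpack_from("<I", data, checksum_off)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    sections = []
    for n in range(nsections):
        hdr = opt + opt_size + 40 * n
        sections.append(data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace"))
    computed = pe_checksum(data, checksum_off)
    return {
        "machine": machine,
        "image_base": image_base,
        "high_image_base": image_base > 0x60000000,   # the report's threshold
        "checksum_stored": stored,
        "checksum_computed": computed,
        "checksum_ok": stored == computed,
        "dll_characteristics": [name for bit, name in DLL_FLAGS.items() if dll_chars & bit],
        "sections": sections,
        "nonstandard_sections": [s for s in sections if s not in STANDARD_SECTIONS],
    }


def build_sample_pe(tamper: bool = False) -> bytes:
    """Constructed stand-in: a minimal PE32+ DLL with the report's ImageBase, DLL
    flags and section names (NOT the analysed sample). With tamper=True one byte
    of .text is changed after the checksum was written, i.e. a post-link edit."""
    e_lfanew, headers_size, file_align = 0x80, 0x400, 0x200
    names = [b".text", b".rdata", b".trace", b"_RDATA"]
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # AMD64, 4 sections, 240-byte optional header, EXECUTABLE|LARGE_ADDRESS_AWARE|DLL
    coff = struct.pack("<HHIIIHH", 0x8664, len(names), 0, 0, 0, 240, 0x2022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<Q", opt, 24, 0x180000000)
    struct.pack_into("<II", opt, 32, 0x1000, file_align)           # section/file alignment
    struct.pack_into("<I", opt, 56, 0x1000 * (len(names) + 1))     # SizeOfImage
    struct.pack_into("<I", opt, 60, headers_size)                  # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                             # WINDOWS_GUI
    struct.pack_into("<H", opt, 70, 0x0020 | 0x0040 | 0x0100)      # HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT
    struct.pack_into("<I", opt, 108, 16)                           # NumberOfRvaAndSizes
    sect_hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name, file_align, 0x1000 * (i + 1), file_align,
                    headers_size + file_align * i, 0, 0, 0, 0,
                    0x60000020 if name == b".text" else 0x40000040)
        for i, name in enumerate(names))
    image = bytearray((bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect_hdrs).ljust(headers_size, b"\0"))
    for i in range(len(names)):
        image += bytes([i + 1]) * file_align                       # constructed section filler
    checksum_off = e_lfanew + 4 + 20 + 64
    struct.pack_into("<I", image, checksum_off, pe_checksum(bytes(image), checksum_off))
    if tamper:
        image[headers_size + 16] ^= 0xFF
    return bytes(image)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe(tamper=True)
    for key, value in inspect_pe(blob).items():
        print(f"{key:22} {value}")
```

Run with a file path as its only argument to inspect a real image; without one it inspects the tampered synthetic DLL and reports the mismatch. Two caveats when reading the result: Windows does not enforce CheckSum for user-mode images, so a mismatch by itself only says the bytes were changed or written by a tool that did not recompute the field, and it is the combination with the invalid Authenticode signature above that says the file no longer matches what was signed. The export names and the libmmd.pdb string are those of Intel's compiler math runtime (libmmd.dll), so the practical next step is a byte-for-byte comparison against a vendor-signed copy rather than reading much into the .trace and _RDATA names on their own.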
Source: C:\Windows\System32\rundll32.exe; Process information set: NOOPENFILEERRORBOX (2 identical entries)
Source: C:\Windows\System32\WerFault.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX (5 identical entries)
Source: C:\Windows\System32\WerFault.exe; Process information set: NOOPENFILEERRORBOX (32 identical entries)
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\loaddll64.exe API coverage: 8.1 %
Source: C:\Windows\System32\rundll32.exe API coverage: 2.7 %
Source: C:\Windows\System32\rundll32.exe API coverage: 3.7 %
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: Amcache.hve.8.dr Binary or memory string: VMware
Source: Amcache.hve.8.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.8.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.8.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.8.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.8.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.8.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.8.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.8.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.8.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.8.dr Binary or memory string: vmci.sys
Source: Amcache.hve.8.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.8.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.8.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.8.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.8.dr Binary or memory string: VMware20,1
Source: Amcache.hve.8.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.8.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.8.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.8.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.8.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.8.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.8.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.8.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.8.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.8.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.8.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Windows\System32\rundll32.exe Process queried: DebugPort (48 occurrences)
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB62BDAC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00007FFDFB62BDAC
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB4B8420 CreateFileW,GetProcessHeap,HeapAlloc, 0_2_00007FFDFB4B8420
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB624CCC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FFDFB624CCC
Source: C:\Windows\System32\rundll32.exe Code function: 3_2_00007FFDFB624CCC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 3_2_00007FFDFB624CCC
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB62BDAC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 10_2_00007FFDFB62BDAC
Source: C:\Windows\System32\rundll32.exe Code function: 10_2_00007FFDFB624CCC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 10_2_00007FFDFB624CCC
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB624670 cpuid 0_2_00007FFDFB624670
Source: C:\Windows\System32\loaddll64.exe Code function: 0_2_00007FFDFB624F68 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00007FFDFB624F68
Source: Amcache.hve.8.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.8.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.8.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.8.dr Binary or memory string: MsMpEng.exe
MITRE ATT&CK Matrix (one line per tactic; the number in parentheses is the count the report attaches to that technique):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (11); DLL Side-Loading (1); Logon Script (Windows); Login Hook
Defense Evasion: Virtualization/Sandbox Evasion (1); Rundll32 (1); Process Injection (11); DLL Side-Loading (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Time Discovery (1); Security Software Discovery (41); Virtualization/Sandbox Evasion (1); System Information Discovery (12)
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Archive Collected Data (1); Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Junk Data; Steganography; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior graph (ID 1483413; sample libmmd.dll.exe; start date 27/07/2024; architecture WINDOWS; score 48). Process tree as rendered; the numeric badges next to a process are the created-registry-value / created-file counters from the legend, kept as shown:

  • loaddll64.exe [1] (signature: Multi AV Scanner detection for submitted file)
    • cmd.exe [1]
      • rundll32.exe
        • WerFault.exe [20 16]
    • rundll32.exe
      • WerFault.exe [18]
    • rundll32.exe
      • WerFault.exe [16]
    • 25 other processes
      • WerFault.exe [16]

Legend (graph icons, not reproduced): Process; Signature; Created File; DNS/IP Info; Is Dropped; Is Windows Process; Number of created Registry Values; Number of created Files; Visual Basic; Delphi; Java; .Net C# or VB.NET; C, C++ or other language; Is malicious; Internet.

Antivirus detection (sample):

Source | Detection | Scanner | Label
libmmd.dll.dll | 60% | Virustotal | (none)
libmmd.dll.dll | 55% | ReversingLabs | Win64.Trojan.Generic

No Antivirus matches (the same result for the report's three further antivirus-detection categories)
URL detection:

Source | Detection | Scanner | Label
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe
http://upx.sf.net | 0% | URL Reputation | safe
https://sectigo.com/CPS0 | 0% | URL Reputation | safe
https://sectigo.com/CPS0 | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | 0% | URL Reputation | safe
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | 0% | URL Reputation | safe
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | 0% | URL Reputation | safe
http://ocsp.sectigo.com0. | 0% | Avira URL Cloud | safe

Note: the trailing "0", "0t", "0#" and "0." characters are not part of these URLs. Each URL is stored in the certificate as a DER IA5String and is immediately followed by the next element's tag byte 0x30 (ASCII "0", a SEQUENCE) and its length byte (0x74 "t", 0x23 "#", 0x2E "."); string extraction keeps those bytes whenever they are printable. Strip them before pivoting on the URLs; the clean values are the standard Sectigo CRL, OCSP, CA-issuer and CPS endpoints from the embedded certificate chain, not contacted infrastructure.
No contacted domains info
URLs seen in the sample and dropped files:

Name | Source | Malicious | Antivirus Detection | Reputation
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0 | libmmd.dll.dll | false | URL Reputation: safe; URL Reputation: safe | unknown
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | libmmd.dll.dll | false | URL Reputation: safe | unknown
http://ocsp.sectigo.com0. | libmmd.dll.dll | false | Avira URL Cloud: safe | unknown
http://upx.sf.net | Amcache.hve.8.dr | false | URL Reputation: safe | unknown
https://sectigo.com/CPS0 | libmmd.dll.dll | false | URL Reputation: safe; URL Reputation: safe | unknown
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0# | libmmd.dll.dll | false | URL Reputation: safe | unknown
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0 | libmmd.dll.dll | false | URL Reputation: safe | unknown
http://ocsp.sectigo.com0 | libmmd.dll.dll | false | URL Reputation: safe | unknown
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | libmmd.dll.dll | false | URL Reputation: safe | unknown
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | libmmd.dll.dll | false | URL Reputation: safe | unknown
No contacted IP infos
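The Sectigo URLs above end in "0", "0t", "0#" or "0." because string extraction reads straight past the end of the DER IA5String into the tag and length bytes of the element that follows it inside the certificate. The Python below is an added example, not part of the Joe Sandbox report: it builds a constructed AuthorityInfoAccess extension value carrying two of the Sectigo URLs from the table (the OIDs are the real id-ad-ocsp and id-ad-caIssuers values; the extension layout is constructed), shows what a `strings`-style scan returns for it, and then walks the DER properly to recover the clean URLs.

```python
# Added example (not from the Joe Sandbox report): why extracted URLs end in "0", "0t", "0#".
OID_OCSP = bytes.fromhex("2b06010505073001")        # id-ad-ocsp      1.3.6.1.5.5.7.48.1
OID_CA_ISSUERS = bytes.fromhex("2b06010505073002")  # id-ad-caIssuers 1.3.6.1.5.5.7.48.2


def der(tag: int, content: bytes) -> bytes:
    """Minimal DER TLV encoder (short- and long-form lengths)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def build_sample_aia() -> bytes:
    """Constructed AuthorityInfoAccess value with two Sectigo URLs
    (URLs copied from the report's table; the extension layout is constructed)."""
    ocsp = der(0x30, der(0x06, OID_OCSP) + der(0x86, b"http://ocsp.sectigo.com"))
    ca_issuers = der(0x30, der(0x06, OID_CA_ISSUERS)
                     + der(0x86, b"http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt"))
    return der(0x30, ocsp + ca_issuers)


def naive_strings(buf: bytes, min_len: int = 8) -> list:
    """What `strings`-style extraction sees: runs of printable ASCII, nothing else."""
    out, run = [], bytearray()
    for b in buf + b"\0":          # sentinel flushes the final run
        if 0x20 <= b <= 0x7E:
            run.append(b)
        else:
            if len(run) >= min_len:
                out.append(run.decode("ascii"))
            run = bytearray()
    return out


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:               # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def der_uris(buf: bytes) -> list:
    """Walk the DER tree and return only [6] uniformResourceIdentifier values."""
    uris, pos = [], 0
    while pos < len(buf):
        tag, content, pos = _read_tlv(buf, pos)
        if tag & 0x20:             # constructed (SEQUENCE etc.): recurse
            uris.extend(der_uris(content))
        elif tag == 0x86:          # context-specific [6] primitive = URI
            uris.append(content.decode("ascii"))
    return uris


if __name__ == "__main__":
    aia = build_sample_aia()
    print("strings-style:", naive_strings(aia))   # first entry ends in "0F": SEQUENCE tag + length byte
    print("DER walk     :", der_uris(aia))
```

In the constructed value the OCSP URL comes out as `http://ocsp.sectigo.com0F` (the "F" is the length byte 0x46 of the next AccessDescription), while the second URL picks up a leading ":" (its own length byte 0x3A). The exact garbage depends on neighbouring lengths, which is why the report shows "0t", "0#" and "0." on different URLs; parsing the DER instead of scanning for printable runs removes the guesswork.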
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1483413
Start date and time:2024-07-27 11:33:08 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 7m 34s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:42
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:libmmd.dll.dll
(renamed file extension from exe to dll)
Original Sample Name:libmmd.dll.exe
Detection:MAL
Classification:mal48.winDLL@126/17@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:Failed
  • Exclude process from analysis (whitelisted): WerFault.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 20.42.65.92, 52.168.117.173
  • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes were analyzed; the report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
Time | Type | Description
05:34:16 | API Interceptor | 4x Sleep call for process: WerFault.exe modified
No context (the same result for each of the report's five context sections)
Created / dropped files (17 entries, all written by WerFault.exe while handling the rundll32.exe crashes; the original file paths were not preserved in this extract):

Process:C:\Windows\System32\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.7669326472533803
Encrypted:false
SSDEEP:96:LwFdguKOifm+yKy5sj54RvC5CQ16tQXIDcQ0c6vrcEecw3LXaXz+HbHgSQgJj+hu:UHgYi/y5Zy0KjrUXjGuzuiFIZ24lO8W
MD5:06CB823C6AAF49D3691379BE8C759521
SHA1:F74DB9E91569656F60B68C9EB05A7BF6EFD703AC
SHA-256:5421791F16B799EF78C571EB3689BB092EB9CC6EA53F4DAC134AD1D7E4A93C4F
SHA-512:CC8CCE9C15384251AE8BD54DEBA763B3A9E3A7D649BBBBAA658345BB4A7EDD75AC7E405706709FD7E402BC1E482561578517FEBFEB1995253EC6EEE2A51C1325
Malicious:false
Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.5.4.6.4.3.6.5.4.2.4.7.1.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.5.4.6.4.3.6.9.1.7.4.6.9.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.0.9.7.c.c.3.9.-.5.7.6.f.-.4.2.9.e.-.8.e.2.4.-.a.9.5.d.5.0.f.6.3.d.8.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.c.8.0.1.3.4.6.-.8.b.7.8.-.4.6.4.0.-.a.a.f.d.-.a.f.7.2.6.c.f.0.5.f.2.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e._.l.i.b.m.m.d...d.l.l...d.l.l.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.4.3.c.-.0.0.0.1.-.0.0.1.4.-.a.f.8.d.-.0.3.1.a.0.8.e.0.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.d.d.3.9.9.a.e.4.6.3.0.3.3.4.3.f.9.f.0.d.a.1.8.9.a.e.e.1.1.c.6.7.b.d.8.6.8.2.2.2.!.

Process:C:\Windows\System32\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.7671107094939073
Encrypted:false
SSDEEP:192:wuxDuiiyeZy0KjrUXjGuzuiFjZ24lO8W:71ui/eZ5KjrUXjvzuiFjY4lO8W
MD5:B480B5CACFCF585AB5EA5EA130BCDAA5
SHA1:2F1448DA088E643A169F0A0935F82D1E11A2C29A
SHA-256:1E051BA2FF4A9507B0F37142A78A7A6B31A4AC575B611FFB3E9182400F815997
SHA-512:2BFE43DED3E6BCAAE85E8DEE88D7380DB8D3014C60E3A1BEF6BC2B72FC63D4D134340A6A0AFA0FE7F03299CB6257C23399790D26C9C2148FE17145C5B9F2BD2F
Malicious:false
Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.6.4.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.5.4.6.4.3.6.5.0.7.3.6.2.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.5.4.6.4.3.7.0.2.2.9.8.6.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.f.5.e.b.a.c.1.-.d.6.d.5.-.4.c.f.2.-.8.b.e.5.-.d.b.5.3.b.2.3.1.b.4.0.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.d.2.9.7.d.9.9.-.d.9.a.f.-.4.8.2.9.-.a.5.e.2.-.9.a.2.7.3.9.6.2.e.5.9.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e._.l.i.b.m.m.d...d.l.l...d.l.l.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.c.4.-.0.0.0.1.-.0.0.1.4.-.b.f.b.d.-.0.1.1.a.0.8.e.0.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.d.d.3.9.9.a.e.4.6.3.0.3.3.4.3.f.9.f.0.d.a.1.8.9.a.e.e.1.1.c.6.7.b.d.8.6.8.2.2.2.!.

Process:C:\Windows\System32\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.7574663437595754
Encrypted:false
SSDEEP:96:RgFmOikyKyUsj54RvC5CYfHQXIDcQpc6xcELcw3XXaXz+HbHgSQgJj+h88WpOy4S:S9ikyUZf0X1xTjGuzuiFjZ24lO8p
MD5:41353C8C65499F12DA24F3BD318D939C
SHA1:ECF28F9C1A0A0C80DAE3B6BBF7741E2A52443B6C
SHA-256:243766DCC6B558AC9EE88DD959B77938F7B018F153918A5347A199F1D512CC98
SHA-512:F38C047920E1220316F6F13AF713CB7B36D3E906A722EF189C173BA02BAA74A30CC93A047C674E3CD19B148F90A5B96E7EB78EF9E858687D99CF1611B5AE4A49
Malicious:false
Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.5.4.6.4.4.2.7.3.9.5.4.3.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.5.4.6.4.4.2.9.4.2.6.5.7.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.0.9.1.b.b.a.8.-.a.1.b.3.-.4.5.b.c.-.b.e.4.9.-.9.9.c.c.7.7.a.1.e.4.c.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.d.8.c.f.8.a.a.-.d.2.9.7.-.4.d.9.4.-.b.8.c.d.-.d.f.7.b.c.7.9.3.f.3.f.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e._.l.i.b.m.m.d...d.l.l...d.l.l.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.c.0.-.0.0.0.1.-.0.0.1.4.-.d.8.e.8.-.9.b.1.d.0.8.e.0.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.d.d.3.9.9.a.e.4.6.3.0.3.3.4.3.f.9.f.0.d.a.1.8.9.a.e.e.1.1.c.6.7.b.d.8.6.8.2.

Process:C:\Windows\System32\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.7576932825992645
Encrypted:false
SSDEEP:96:itvF+b7OidyKyZsj54RvC5CYfBPQXIDcQpc6xcEBcw3xSXaXz+HbHgSQgJj+h881:WtidyZZx0X17lojGuzuiFIZ24lO8p7
MD5:A1D0E5A45B76945DB1AF0F1710E6B9BB
SHA1:6E4D6853FEA74030FAC10C8CA83D56F2EF619D66
SHA-256:C5A2157CE07326BB65E5C797B334BB522A89B4D44894D43BB80880E9AFB7DE00
SHA-512:DF52F84D34A2AB317AE84466C88066FAE3F66195E603F188D696B9D125E078A0EE08B90B891159B287D4373ACAE089BA2EE287DB26114E2DD5AFF2133E1DCF5A
Malicious:false
Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.5.4.6.4.3.9.3.3.6.7.6.7.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.5.4.6.4.3.9.5.3.9.8.8.9.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.9.4.2.8.b.d.d.-.c.8.2.c.-.4.b.8.8.-.b.d.a.4.-.2.e.7.4.2.1.f.6.b.2.a.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.f.4.3.d.c.9.a.-.5.d.2.5.-.4.a.8.b.-.9.3.9.7.-.b.1.1.c.c.8.9.5.b.8.b.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e._.l.i.b.m.m.d...d.l.l...d.l.l.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.2.c.-.0.0.0.1.-.0.0.1.4.-.e.e.9.8.-.c.e.1.b.0.8.e.0.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.d.d.3.9.9.a.e.4.6.3.0.3.3.4.3.f.9.f.0.d.a.1.8.9.a.e.e.1.1.c.6.7.b.d.8.6.8.2.

Process:C:\Windows\System32\WerFault.exe
File Type:Mini DuMP crash report, 14 streams, Sat Jul 27 09:33:56 2024, 0x1205a4 type
Category:dropped
Size (bytes):56140
Entropy (8bit):1.6140646344768088
Encrypted:false
SSDEEP:192:dxrOM4dLEo/L9kwNCGwFnnAHne2omtrdLqYfd8xn:iJdYerCVnnAHnw0Lf+
MD5:08C2201282B71F80E063823B6C8239E6
SHA1:8146DDD7ACB56AC6AE1D6EBD2CE523AD41D7FEC3
SHA-256:C522BDC4F6DF58F3C2E86B719C09A7BB8327D8573510D728945A92D97167C541
SHA-512:BFD2A7D068C7F712A9CFE105132D7A138689C32C2E1389C902668980C677C1D52FB03D60CE6AC8077466E7AF24A629159FBB0E9D49DFFF31E6488C24D823E631
Malicious:false
Preview:MDMP..a..... ..........f.........................................(..........T.......8...........T...............D...........|...........h...............................................................................eJ..............Lw......................T..............f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\WerFault.exe
File Type:Mini DuMP crash report, 14 streams, Sat Jul 27 09:33:56 2024, 0x1205a4 type
Category:dropped
Size (bytes):56760
Entropy (8bit):1.6142378922164773
Encrypted:false
SSDEEP:192:dwl6OMCjqeseEkiWwnhbwn2ePy60Rd+MlG2jY:G3bj2eik2eqdlG2
MD5:E3AFD370A37FC1B11A22D13D73DB69EF
SHA1:629B61B8C7EDEA0A4C7510248775640B515269DD
SHA-256:51DBBD52B1A201A1A1A6C9DEF4FBF2C8187879D81FAC50694E441043A5F69C92
SHA-512:F7F2F1B72D91D11CEBE89EE247D69A03257D09230430414710FEAB438E202E6B9E2A59831CE67D9BFC6BD4C74679E15C4B3E6A1CF13DCC1CADC6BC9A888A688A
Malicious:false
Preview:MDMP..a..... ..........f.........................................(..........T.......8...........T...........X...`...........|...........h...............................................................................eJ..............Lw......................T.......<......f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8856
Entropy (8bit):3.6931325357464084
Encrypted:false
SSDEEP:192:R6l7wVeJp5RtWy6Y8868fgmf2tQlprH89bmQCfOg+im:R6lXJ3LWy6YXhgmf2tQQm1fDy
MD5:D8C372F3091C478126F981E154B101CC
SHA1:B1AC5415685B9E5ADC040B1711E902AF8E5F582C
SHA-256:2ABF0915F22A2AB0C9FCB682A62546D2F3F61070EEA70DCE918E4AB5400880AF
SHA-512:46B5CAC454325B5D0F1FB42AF635831D51206DC1F34FB016AB76D4970D5C5F01BF1E4A50F970AEB00B5105C740C8C9B95A6EAD585F6973AC49F4468FCB46EE89
Malicious:false
Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.1.8.0.<./.P.i.

Process:C:\Windows\System32\WerFault.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4875
Entropy (8bit):4.45720116797675
Encrypted:false
SSDEEP:48:cvIwWl8zsGWJg771I9cfWpW8VYWYm8M4JCsCK+FPayq8vhKYptSTSWd:uIjfzI7rO7VeJeaW3poOWd
MD5:DF8BD80C765536D4AB18F327EA55DC61
SHA1:09D41F1BD69B2DEE08359DED49F6A615B53B80D9
SHA-256:E77166DB883F324D0F52022368F49105E0F1B786DD2C22B3E56DA38CBB3E03D2
SHA-512:0F52F74EAE6A1F72E5EEC962CD93E4CE9023596E4EFF34A23B7A7CB722D3CEFC6A88DC5516F1845E4584411A6CC7F163BA76CA400384B8BD3DD090E453C64A6A
Malicious:false
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="429156" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

Process:C:\Windows\System32\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8850
Entropy (8bit):3.6924868726070645
Encrypted:false
SSDEEP:192:R6l7wVeJA5RhVWg6YC5T1agmf2tQlprM89bmmCfqim:R6lXJOFWg6YC91agmf2tQRmDfG
MD5:BA581430DD26C92965CC032B1C3F9205
SHA1:6AF8D2782FA4688C29B4D38C6A1C9420974A7436
SHA-256:90BFB3CFEBB0E8FCCEF8AC1A91DCB4D633D36A944B5F851A3E777A8B1C0D7D9A
SHA-512:3B95137746AB50C938CFA104C4F2B6730A88F8806123A3C52A7E2028ADFEFAEC795A79F4F88663AE2BEE8DF5BD2AE741BFE1DE4E1015D1C3C64AFC4372E73FB4
Malicious:false
Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.5.7.2.<./.P.i.

Process:C:\Windows\System32\WerFault.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4875
Entropy (8bit):4.457811469384468
Encrypted:false
SSDEEP:48:cvIwWl8zsGWJg771I9cfWpW8VYj5Ym8M4JCsCK+FCyq8vhKTptSTSRd:uIjfzI7rO7VBJJWcpoORd
MD5:6890CA58B1E25967EA96E25F50DBAEEB
SHA1:432A364D2A47CB400D129CD6DA13E7667E8CD110
SHA-256:076BF0D2AF9C334ABCBEBD2B1185BEEEF98161C27B9D1A3762AEB9AF5D1FF240
SHA-512:FCABAC455034591B397DD7A83D7D732FF6B8627119B87CB6BF3691A920046D4E0B6444D03E52DE8F258F2585C5DF192D10513C04AB8D3500009008ECE5E6EBD4
Malicious:false
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="429156" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

Process:C:\Windows\System32\WerFault.exe
File Type:Mini DuMP crash report, 14 streams, Sat Jul 27 09:33:59 2024, 0x1205a4 type
Category:dropped
Size (bytes):57804
Entropy (8bit):1.638825119526229
Encrypted:false
SSDEEP:192:mj/gaquOMWpolrQFFwZf/NvFCQzIAquRSdN:K6TClr5f/NvJb3SP
MD5:359520E3D229E61D86837441A250657F
SHA1:03394A91900133F5A22EA80A9E507807541F29C0
SHA-256:49EBE5C38E0B34C89D8767F758CD41A0CF52CB329CED24F312C55F2B7F8070F7
SHA-512:532677F445A0E2CF8643802481CED812EEA3AF521121747F5842EE54F581004A75EB37BB12F6A2D4FB109D4FB8814D297A0E2563EC6DEAC30C08040551874CCD
Malicious:false
Preview:MDMP..a..... ..........f.........................................(..........T.......8...........T...........................|...........h...............................................................................eJ..............Lw......................T.......,......f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8514
Entropy (8bit):3.6952574645849445
Encrypted:false
SSDEEP:192:R6l7wVeJL3RcWn6YC5Q1agmfHluWprRC89bR91fdbm:R6lXJr6Wn6YCu1agmfHluw7Rff8
MD5:8A905C0232D8FB85E5506985A630C389
SHA1:CD06A9EE71C1E45FEFA4D69F9FA8D6B1D38DB30E
SHA-256:8B62B47D6CF0C2CE87CD359EE10A48E5BF742C069480FB8C1D8FC2F2734E2218
SHA-512:9A1D16CCAA1AE460823B7EEF24BBCE238395DA297D62AA314878A887812226A01A22085C771413A170137B32633CF12D604A976C6BE55DF29CDD365E940983BF
Malicious:false
Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.2.1.2.<./.P.i.

Process:C:\Windows\System32\WerFault.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4755
Entropy (8bit):4.465955049281228
Encrypted:false
SSDEEP:48:cvIwWl8zsGWJg771I9cfWpW8VYRYm8M4JCsCKlFaYfyq85mbkUqptSTS6d:uIjfzI7rO7VNJiSW/poO6d
MD5:0D69C2FCC08DACD7528A7F106E2DD904
SHA1:7836CA289E037D5A8A493E2B3191361296E3CE22
SHA-256:12C96A7BF55A2652613C8EE6A874692CE730BDD4D11021579034965CCE1E66BC
SHA-512:3AA509F1933D7C5105ADC913AA9E618937F4718C803108E70A7C949F80FBED9FC9501BFE222DB99B9861C1B74FAFB52D65E0F873FC4B17EF245ABC3C53893923
Malicious:false
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="429156" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

Process:C:\Windows\System32\WerFault.exe
File Type:Mini DuMP crash report, 14 streams, Sat Jul 27 09:34:02 2024, 0x1205a4 type
Category:dropped
Size (bytes):56980
Entropy (8bit):1.6773302953800004
Encrypted:false
SSDEEP:192:rVEOMH7j8qamKtHAgqG+KAYi17lQV0UltmhS:tm7jRavtH65VPg0Zh
MD5:72EFF898A48FD77752BD1B5E6FA14A97
SHA1:677C7DFF3503B83D19E7F1B35204CE8331543EEE
SHA-256:3E0B650BBCE73D93DA27A0C113C6A90A89BEE3FC4832A97C46CA20D595C1DAF9
SHA-512:7F1AAF7C944E53CB35FA925951A6860BAC87D27AFE09A6E8AB7C70034EB493CED271F7E45480119FAA6F97E078F97CE37829931F43D89E8D6075B9C417599C28
Malicious:false
Preview:MDMP..a..... ..........f.........................................(..........T.......8...........T...........................|...........h...............................................................................eJ..............Lw......................T..............f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\System32\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):8518
Entropy (8bit):3.694592615805223
Encrypted:false
SSDEEP:192:R6l7wVeJXWRbWf6YC5H1agmfHL2prQ89bg81f9Am:R6lXJG9Wf6YCp1agmfHLOgmfP
MD5:A3A9C39C0D03AF0AAB8C13B579DACA94
SHA1:3735A883AFF1CC594D94E4B6530D4325353A6F13
SHA-256:C95D01DF218DA22B385BDE5502F4E7708BFFBC3274BB6E4734BAE1AF649E8BDC
SHA-512:AF44E5F7786B62E81D0FED2FB0482BC70CDDDAA45C8341D30DC4F8E259F05BC630AE1C40223786D7FDC52427CB006C5DACB874A310F44F6827EF5504EAE573F3
Malicious:false
Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.3.6.0.<./.P.i.

Process:C:\Windows\System32\WerFault.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4755
Entropy (8bit):4.465351271341541
Encrypted:false
SSDEEP:48:cvIwWl8zsGWJg771I9cfWpW8VYQWYm8M4JCsCKBFDHpyq85mbZptSTShhd:uIjfzI7rO7VZJvJjpoOhhd
MD5:2EAD52F5DA7C917A9B27642DD73D0EC1
SHA1:3E22BBFBC92A614265EDF998E748A3ED5EE38FEF
SHA-256:B4D473ACA65757AD3B1D32AC4FF00D1CFC878E52A1339DE7D7CEBB246A916C87
SHA-512:BBA8BE5869D59F86A593F43AC47750AEF73C2DF21068D11299CDE1B3EF472182F818DDED1F5A4E4B726FFA68AAB8023A3AA1A34789EF8DDB8BB95803741F4B7F
Malicious:false
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="429156" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

Process:C:\Windows\System32\WerFault.exe
File Type:MS Windows registry file, NT/2000 or above
Category:dropped
Size (bytes):1835008
Entropy (8bit):4.466379627626385
Encrypted:false
SSDEEP:6144:DIXfpi67eLPU9skLmb0b4zWSPKaJG8nAgejZMMhA2gX4WABl0uNcdwBCswSb9:UXD94zWlLZMM6YFHa+9
MD5:C2F4B8D41A806887AACFA1423E7E23F2
SHA1:C6696B4F7397DBA923A16D19E615527782264E56
SHA-256:04C35A909E0D81141C484A974D634D4F60BE624D6CD512E2BAF738D6B6C96C93
SHA-512:1C99BA019448DCC4D96FE081D7393E74E3EA8E14A557491342CB58F9D48413CDEF0E2A6F250662E96FD03692C8C89021E835A51576F7E9B97D4ED8971D4A336A
Malicious:false
Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmB./...................................................................................................................................................................................................................................................................................................................................................9.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
File type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy (8bit):6.899491835786787
TrID:
  • Win64 Dynamic Link Library (generic) (102004/3) 86.43%
  • Win64 Executable (generic) (12005/4) 10.17%
  • Generic Win/DOS Executable (2004/3) 1.70%
  • DOS Executable Generic (2002/1) 1.70%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
File name:libmmd.dll.dll
File size:4'148'864 bytes
MD5:19c31c58313c58fc88cf27e77befb0c3
SHA1:b0711e10ef98b86e76ad28665285598d8809ae36
SHA256:c2684b143c3417c588a3c0ae0a9c4329e71a04fc304aa3a69eae61ede1d0b290
SHA512:97c954d009d10aed8fdbe02efe3b8d74840c2dce03da8fe5a5001d390afb4598a5bb3d74dacb740dec10e86aadc54b792bcc3c6815b2dfff036f14dace31ac86
SSDEEP:98304:0JLi7X0J2iGkPyxtZPk8joEGIbQOpv3VzGIsJQQJ:OyqCtZM8UEtb5yIs24
TLSH:B716AE82F56395D4E868607028777E83DB3ABC86023815B31BE39D6D2EB77900DFB255
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j..............fy......fy..5...fy......fy...............~.......~.......~..............}~......}~$.....}~......Rich...........
Icon Hash:7ae282899bbab082
Entrypoint:0x180174c8c
Entrypoint Section:.text
Digitally signed:true
Imagebase:0x180000000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Time Stamp:0x657971E2 [Wed Dec 13 08:57:06 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:9c43e43594e158938562d221466190bd
Signature Valid:false
Signature Issuer:CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB
Signature Validation Error:The digital signature of the object did not verify
Error Number:-2146869232
Not Before, Not After
  • 02/05/2023 01:00:00 02/05/2024 00:59:59
Subject Chain
  • CN=Intel Corporation, O=Intel Corporation, S=California, C=US, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=2189074
Version:3
Thumbprint MD5:50A9AD93AF17D0A88D58FA79C00EB26A
Thumbprint SHA-1:26F9D3F3DBF410A180F808B6928766175502BCBF
Thumbprint SHA-256:7A128EAB12AEA9A3C0E89F233FD68B48F9482CF6FC0EC5BAE76CD4A615378A1C
Serial:00CB6EEC20A5EBAEA975BC3B77D18FD5B8
Instruction
dec eax
mov dword ptr [esp+08h], ebx
dec eax
mov dword ptr [esp+10h], esi
push edi
dec eax
sub esp, 20h
dec ecx
mov edi, eax
mov ebx, edx
dec eax
mov esi, ecx
cmp edx, 01h
jne 00007FCDB4B09C37h
call 00007FCDB4B09EF0h
dec esp
mov eax, edi
mov edx, ebx
dec eax
mov ecx, esi
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov esi, dword ptr [esp+38h]
dec eax
add esp, 20h
pop edi
jmp 00007FCDB4B09AC4h
int3
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
dec eax
mov ebx, ecx
xor ecx, ecx
call dword ptr [0001336Bh]
dec eax
mov ecx, ebx
call dword ptr [0001335Ah]
call dword ptr [00013364h]
dec eax
mov ecx, eax
mov edx, C0000409h
dec eax
add esp, 20h
pop ebx
dec eax
jmp dword ptr [00013358h]
dec eax
mov dword ptr [esp+08h], ecx
dec eax
sub esp, 38h
mov ecx, 00000017h
call dword ptr [0001334Ch]
test eax, eax
je 00007FCDB4B09C39h
mov ecx, 00000002h
int 29h
dec eax
lea ecx, dword ptr [0022C4AAh]
call 00007FCDB4B09DFEh
dec eax
mov eax, dword ptr [esp+38h]
dec eax
mov dword ptr [0022C591h], eax
dec eax
lea eax, dword ptr [esp+38h]
dec eax
add eax, 08h
dec eax
mov dword ptr [0022C521h], eax
dec eax
mov eax, dword ptr [0022C57Ah]
dec eax
mov dword ptr [0022C3EBh], eax
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3575b0 | 0x4f4c | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x35c4fc | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3f4000 | 0x3c8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x3a3000 | 0x5550 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3f2600 | 0x2880 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3f5000 | 0x403e |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x353d20 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x353d80 | 0x138 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x188000 | 0x278 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x186200 | 0x186200 | 818051dd5f4bc454c83059f32aed6dab | False | 0.4215276804309516 | data | 6.534520269339557 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x188000 | 0x1d4d52 | 0x1d4e00 | 818123b268797eaff011629897851ac0 | False | 0.5836506098373767 | data | 6.875090602182947 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x35d000 | 0x452d0 | 0x43a00 | 2d1c930230c79323dc90691a5ccd0ef5 | False | 0.22908964879852126 | data | 5.449861496582813 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x3a3000 | 0x5550 | 0x5600 | fd3bc5cd535f124b2aa488a72349a36d | False | 0.5022256540697675 | data | 5.801047136232488 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.trace | 0x3a9000 | 0x49805 | 0x49a00 | 64b584dc2eef8bb04f5d567c279870b3 | False | 0.3832402642190153 | data | 5.919557084086885 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x3f3000 | 0xfc | 0x200 | 6c59634414675e6616fa85c4c4005be9 | False | 0.32421875 | data | 2.475378694262942 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x3f4000 | 0x3c8 | 0x400 | 2b3b6b6b524fc7e5897894a62a8ba3de | False | 0.4140625 | data | 3.097877128088893 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x3f5000 | 0x4038 | 0x4200 | 978c22d1c97831bacdef87f98bf611de | False | 0.4952059659090909 | data | 6.006733143474568 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x3f4060 | 0x364 | data | English | United States | 0.44815668202764974
DLL | Import
KERNEL32.dll | GetModuleHandleA, GetProcAddress, GetThreadLocale, LoadLibraryA, FormatMessageA, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, WriteConsoleW, RtlUnwindEx, InterlockedFlushSList, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, EncodePointer, RaiseException, RtlPcToFileHeader, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapFree, HeapAlloc, GetStdHandle, GetFileType, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetProcessHeap, SetFilePointerEx, GetStringTypeW, SetStdHandle, HeapSize, HeapReAlloc, FlushFileBuffers, WriteFile, GetConsoleOutputCP, GetConsoleMode, CloseHandle, CreateFileW
Name | Ordinal | Address
_LIB_VERSIONIMF | 1 | 0x18035ff20
__acosdq | 2 | 0x180001090
__acoshq | 3 | 0x180001170
__acosq | 4 | 0x180001250
__annuityq | 5 | 0x180001350
__asindq | 6 | 0x180001440
__asinhq | 7 | 0x180001520
__asinq | 8 | 0x180001600
__atan2dq | 9 | 0x180001700
__atan2q | 10 | 0x180001810
__atand2q | 11 | 0x180001920
__atandq | 12 | 0x180001a10
__atanhq | 13 | 0x180001af0
__atanq | 14 | 0x180001bd0
__bwr_acos | 15 | 0x180020eb0
__bwr_acosd | 16 | 0x180008bc0
__bwr_acosdf | 17 | 0x180003500
__bwr_acosf | 18 | 0x180008f30
__bwr_acosh | 19 | 0x180009240
__bwr_acoshf | 20 | 0x1800096a0
__bwr_acospi | 21 | 0x1800cb240
__bwr_acospif | 22 | 0x1800cb690
__bwr_annuity | 23 | 0x1800037a0
__bwr_annuityf | 24 | 0x1800037b0
__bwr_asin | 25 | 0x180020ec0
__bwr_asind | 26 | 0x1800098f0
__bwr_asindf | 27 | 0x1800038a0
__bwr_asinf | 28 | 0x180009cc0
__bwr_asinh | 29 | 0x18000a000
__bwr_asinhf | 30 | 0x18000a3f0
__bwr_asinpi | 31 | 0x1800cb880
__bwr_asinpif | 32 | 0x1800c87a0
__bwr_atan | 33 | 0x18000b210
__bwr_atan2 | 34 | 0x18000a620
__bwr_atan2d | 35 | 0x180003c30
__bwr_atan2df | 36 | 0x180003c40
__bwr_atan2f | 37 | 0x18000acd0
__bwr_atan2pi | 38 | 0x1800c0cc0
__bwr_atan2pif | 39 | 0x1800c22d0
__bwr_atand | 40 | 0x180003e50
__bwr_atand2 | 41 | 0x180003e60
__bwr_atand2f | 42 | 0x180003e70
__bwr_atandf | 43 | 0x180003ec0
__bwr_atanf | 44 | 0x18000b460
__bwr_atanh | 45 | 0x18000b700
__bwr_atanhf | 46 | 0x18000bae0
__bwr_atanpi | 47 | 0x1800c7270
__bwr_atanpif | 48 | 0x1800c9880
__bwr_cbrt | 49 | 0x18000bd90
__bwr_cbrtf | 50 | 0x18000c030
__bwr_cdfnorminv | 51 | 0x180004630
__bwr_cdfnorminvf | 52 | 0x180004640
__bwr_ceil | 53 | 0x18000c2e0
__bwr_ceilf | 54 | 0x18000c3b0
__bwr_compound | 55 | 0x180004ac0
__bwr_compoundf | 56 | 0x180004ad0
__bwr_copysign | 57 | 0x18000c460
__bwr_copysignf | 58 | 0x18000c490
__bwr_cos | 59 | 0x18000c4c0
__bwr_cosd | 60 | 0x18000cb40
__bwr_cosdf | 61 | 0x18000d020
__bwr_cosf | 62 | 0x18000d2e0
__bwr_cosh | 63 | 0x18000d570
__bwr_coshf | 64 | 0x18000d9e0
__bwr_cospi | 65 | 0x1800cc890
__bwr_cospif | 66 | 0x1800ccb00
__bwr_cot | 67 | 0x180004ff0
__bwr_cotd | 68 | 0x18000dd10
__bwr_cotdf | 69 | 0x18000e4b0
__bwr_cotf | 70 | 0x1800050e0
__bwr_erf | 71 | 0x1800c4f60
__bwr_erfc | 72 | 0x1800c55b0
__bwr_erfcf | 73 | 0x1800c6490
__bwr_erfcx | 74 | 0x1800052e0
__bwr_erfcxf | 75 | 0x1800052f0
__bwr_erff | 76 | 0x1800c5400
__bwr_erfinv | 77 | 0x180005300
__bwr_erfinvf | 78 | 0x180005310
__bwr_exp | 79 | 0x18000f520
__bwr_exp10 | 80 | 0x18000e810
__bwr_exp10f | 81 | 0x18000eb60
__bwr_exp2 | 82 | 0x18000ecf0
__bwr_exp2f | 83 | 0x18000f210
__bwr_expf | 84 | 0x18000f840
__bwr_expm1 | 85 | 0x18000fa80
__bwr_expm1f | 86 | 0x18000fe30
__bwr_fabs | 87 | 0x180005730
__bwr_fabsf | 88 | 0x180005740
__bwr_fdim | 89 | 0x180010150
__bwr_fdimf | 90 | 0x180010290
__bwr_floor | 91 | 0x1800103a0
__bwr_floorf | 92 | 0x180010470
__bwr_fma | 93 | 0x180010510
__bwr_fmaf | 94 | 0x180010f60
__bwr_fmax | 95 | 0x1800114d0
__bwr_fmaxf | 96 | 0x180011530
__bwr_fmin | 97 | 0x180011580
__bwr_fminf | 98 | 0x1800115e0
__bwr_fmod | 99 | 0x180011630
__bwr_fmodf | 100 | 0x1800117f0
__bwr_frexp | 101 | 0x180011810
__bwr_frexpf | 102 | 0x180005e80
__bwr_gamma | 103 | 0x180011da0
__bwr_gamma_r | 104 | 0x180013170
__bwr_gammaf | 105 | 0x180013660
__bwr_gammaf_r | 106 | 0x180014470
__bwr_hypot | 107 | 0x1800118b0
__bwr_hypotf | 108 | 0x1800119e0
__bwr_ilogb | 109 | 0x180011b00
__bwr_ilogbf | 110 | 0x180006070
__bwr_invsqrt | 111 | 0x180006080
__bwr_invsqrtf | 112 | 0x180006090
__bwr_j0 | 113 | 0x1800060d0
__bwr_j0f | 114 | 0x1800060e0
__bwr_j1 | 115 | 0x1800060f0
__bwr_j1f | 116 | 0x180006100
__bwr_jn | 117 | 0x180006110
__bwr_jnf | 118 | 0x180006120
__bwr_ldexp | 119 | 0x180011be0
__bwr_ldexpf | 120 | 0x1800061b0
__bwr_lgamma | 121 | 0x180011da0
__bwr_lgamma_r | 122 | 0x180013170
__bwr_lgammaf | 123 | 0x180013660
__bwr_lgammaf_r | 124 | 0x180014470
__bwr_llrint | 125 | 0x180014770
__bwr_llrintf | 126 | 0x180014820
__bwr_llround | 127 | 0x1800148c0
__bwr_llroundf | 128 | 0x1800149c0
__bwr_log | 129 | 0x180015be0
__bwr_log10 | 130 | 0x180014ab0
__bwr_log10f | 131 | 0x180014d30
__bwr_log1p | 132 | 0x180014f80
__bwr_log1pf | 133 | 0x180015540
__bwr_log2 | 134 | 0x180015650
__bwr_log2f | 135 | 0x1800158c0
__bwr_logb | 136 | 0x180015af0
__bwr_logbf | 137 | 0x180006730
__bwr_logf | 138 | 0x180015e70
__bwr_lrint | 139 | 0x180016080
__bwr_lrintf | 140 | 0x180016120
__bwr_lround | 141 | 0x1800161c0
__bwr_lroundf | 142 | 0x180016300
__bwr_modf | 143 | 0x1800163f0
__bwr_modff | 144 | 0x180006c30
__bwr_nearbyint | 145 | 0x1800164e0
__bwr_nearbyintf | 146 | 0x180016860
__bwr_nextafter | 147 | 0x180016a80
__bwr_nextafterf | 148 | 0x180016c20
__bwr_nexttoward | 149 | 0x180016db0
__bwr_nexttowardf | 150 | 0x180016fb0
__bwr_pow | 151 | 0x1800171b0
__bwr_pow2o3 | 152 | 0x1800bff20
__bwr_pow2o3f | 153 | 0x1800c0280
__bwr_pow3o2 | 154 | 0x1800c0520
__bwr_pow3o2f | 155 | 0x1800c0960
__bwr_powf | 156 | 0x180017da0
__bwr_powr | 157 | 0x1800c3440
__bwr_powrf | 158 | 0x1800c4300
__bwr_remainder | 159 | 0x1800184f0
__bwr_remainderf | 160 | 0x180018960
__bwr_remquo | 161 | 0x180007470
__bwr_remquof | 162 | 0x180007480
__bwr_rint | 163 | 0x180018980
__bwr_rintf | 164 | 0x1800189b0
__bwr_round | 165 | 0x1800189e0
__bwr_roundf | 166 | 0x180018b00
__bwr_scalb | 167 | 0x180018bd0
__bwr_scalbf | 168 | 0x1800076d0
__bwr_scalbln | 169 | 0x180018eb0
__bwr_scalblnf | 170 | 0x180007760
__bwr_scalbn | 171 | 0x180019070
__bwr_scalbnf | 172 | 0x1800077f0
__bwr_significand | 173 | 0x180019230
__bwr_significandf | 174 | 0x1800192b0
__bwr_sin | 175 | 0x180019300
__bwr_sincos | 176 | 0x180019990
__bwr_sincosd | 177 | 0x180019e70
__bwr_sincosdf | 178 | 0x180019eb0
__bwr_sincosf | 179 | 0x18001a200
__bwr_sincospi | 180 | 0x1800cbd40
__bwr_sincospif | 181 | 0x1800cc1b0
__bwr_sind | 182 | 0x18001a450
__bwr_sindf | 183 | 0x18001aa80
__bwr_sinf | 184 | 0x18001ad60
__bwr_sinh | 185 | 0x18001afe0
__bwr_sinhcosh | 186 | 0x18001b500
__bwr_sinhcoshf | 187 | 0x18001baa0
__bwr_sinhf | 188 | 0x18001bf10
__bwr_sinpi | 189 | 0x1800cc400
__bwr_sinpif | 190 | 0x1800cc6e0
__bwr_sqrt | 191 | 0x180008b50
__bwr_sqrtf | 192 | 0x18001c2b0
__bwr_tan | 193 | 0x18001c330
__bwr_tand | 194 | 0x18001cb50
__bwr_tandf | 195 | 0x18001d310
__bwr_tanf | 196 | 0x18001d680
__bwr_tanh | 197 | 0x18001d940
__bwr_tanhf | 198 | 0x18001de10
__bwr_tanpi | 199 | 0x1800bf720
__bwr_tanpif | 200 | 0x1800bfb10
__bwr_tgamma | 201 | 0x1800085e0
__bwr_tgammaf | 202 | 0x1800085f0
__bwr_trunc | 203 | 0x18001e110
__bwr_truncf | 204 | 0x180008670
__bwr_y0 | 205 | 0x18001ed60
__bwr_y0f | 206 | 0x180008690
__bwr_y1 | 207 | 0x18001f690
__bwr_y1f | 208 | 0x1800086b0
__bwr_yn | 209 | 0x18001f7e0
__bwr_ynf | 210 | 0x180020210
__cabsq | 211 | 0x180166d00
__cacoshq | 212 | 0x180166d60
__cacosq | 213 | 0x180167b30
__cargq | 214 | 0x180167bd0
__casinhq | 215 | 0x180167c30
__casinq | 216 | 0x1801689b0
__catanhq | 217 | 0x180168a40
__catanq | 218 | 0x180169770
__cbrtq | 219 | 0x180001cb0
__ccoshq | 220 | 0x180169800
__ccosq | 221 | 0x1801699c0
__ceilq | 222 | 0x180154b30
__cexp10q | 223 | 0x180169db0
__cexp2q | 224 | 0x180169eb0
__cexpm1q | 225 | 0x180169fb0
__cexpq | 226 | 0x18016a430
__cimagq | 227 | 0x18016a9e0
__cisdq | 228 | 0x18016a9f0
__cisq | 229 | 0x18016aa40
__clog10q | 230 | 0x18016aa90
__clog1pq | 231 | 0x18016ac00
__clog2q | 232 | 0x18016ad50
__clog_f90 | 233 | 0x1800d7130
__clogf_f90 | 234 | 0x1800d71b0
__clogq | 235 | 0x18016aec0
__clogq_f90 | 236 | 0x1800d71f0
__compoundq | 237 | 0x180001db0
__conjq | 238 | 0x18016af70
__copysignq | 239 | 0x180154d20
__cosdq | 240 | 0x180001ea0
__coshq | 241 | 0x180001f80
__cosq | 242 | 0x180002060
__cotdq | 243 | 0x180002140
__cotq | 244 | 0x180002220
__cpowq | 245 | 0x18016afa0
__cprojq | 246 | 0x18016b130
__crealq | 247 | 0x18016b1f0
__csinhq | 248 | 0x18016b200
__csinq | 249 | 0x18016b3f0
__csqrt_f90 | 250 | 0x1800d7280
__csqrtf_f90 | 251 | 0x1800d7300
__csqrtq | 252 | 0x18016b810
__csqrtq_f90 | 253 | 0x1800d7340
__ctanhq | 254 | 0x18016c660
__ctanq | 255 | 0x18016cc00
__dremq | 256 | 0x1800dfad0
__erfcq | 257 | 0x1800ddc30
__erfcxq | 258 | 0x1800ddc90
__erfq | 259 | 0x1800dd8d0
__exp10q | 260 | 0x180002300
__exp2q | 261 | 0x1800023e0
__expm1q | 262 | 0x1800024c0
__expq | 263 | 0x1800025a0
__fabsq | 264 | 0x180154d50
__fdimq | 265 | 0x180154e20
__finite | 266 | 0x1800a1490
__finited | 267 | 0x1800a1490
__finitef | 268 | 0x1800ae000
__finitel | 269 | 0x1800ae020
__floorq | 270 | 0x180155b40
__fmaq | 271 | 0x180155d20
__fmaxq | 272 | 0x180157360
__fminq | 273 | 0x180157550
__fmodq | 274 | 0x1800df400
__fpclassify | 275 | 0x1800adeb0
__fpclassifyd | 276 | 0x1800adeb0
__fpclassifyf | 277 | 0x1800adf10
__fpclassifyl | 278 | 0x1800adf50
__fpclassifyq | 279 | 0x180166bb0
__frexpq | 280 | 0x180157740
__gammaq | 281 | 0x1800ded70
__gammaq_r | 282 | 0x1801579a0
__hypotq | 283 | 0x1800026a0
__ilogbq | 284 | 0x1801579f0
__invsqrtq | 285 | 0x180002790
__isfinite | 286 | 0x1800a1490
__isfinited | 287 | 0x1800a1490
__isfinitef | 288 | 0x1800ae000
__isfinitel | 289 | 0x1800ae020
__isfiniteq | 290 | 0x180166c20
__isgreater | 291 | 0x1800ae0b0
__isgreaterequal | 292 | 0x1800ae1e0
__isgreaterequalf | 293 | 0x1800ae1a0
__isgreaterequall | 294 | 0x1800ae230
__isgreaterequalq | 295 | 0x1801668c0
__isgreaterf | 296 | 0x1800ae070
__isgreaterl | 297 | 0x1800ae100
__isgreaterq | 298 | 0x180166810
__isinf | 299 | 0x1800ae2d0
__isinfd | 300 | 0x1800ae2d0
__isinff | 301 | 0x1800ae310
__isinfl | 302 | 0x1800ae340
__isinfq | 303 | 0x180166c40
__isless | 304 | 0x1800ae3f0
__islessequal | 305 | 0x1800ae520
__islessequalf | 306 | 0x1800ae4e0
__islessequall | 307 | 0x1800ae570
__islessequalq | 308 | 0x180166a20
__islessf | 309 | 0x1800ae3b0
__islessgreater | 310 | 0x1800ae650
__islessgreaterf | 311 | 0x1800ae610
__islessgreaterl | 312 | 0x1800ae6a0
__islessgreaterq | 313 | 0x180166ad0
__islessl | 314 | 0x1800ae440
__islessq | 315 | 0x180166970
__isnan | 316 | 0x1800ae740
__isnand | 317 | 0x1800ae740
__isnanf | 318 | 0x1800ae770
__isnanl | 319 | 0x1800ae790
__isnanq | 320 | 0x180166c80
__isnormal | 321 | 0x1800ae7f0
__isnormald | 322 | 0x1800ae7f0
__isnormalf | 323 | 0x1800ae820
__isnormall | 324 | 0x1800ae840
__isnormalq | 325 | 0x180166cc0
__isunordered | 326 | 0x1800ae8b0
__isunorderedf | 327 | 0x1800ae8f0
__isunorderedl | 328 | 0x1800ae920
__isunorderedq | 329 | 0x180166b60
__j0q | 330 | 0x1800dc990
__j1q | 331 | 0x1800dcb90
__jnq | 332 | 0x1800dcc10
__ldexpq | 333 | 0x180157bc0
__lgammaq | 334 | 0x1800ded70
__lgammaq_r | 335 | 0x1801579a0
__libm128_nexttoward128 | 336 | 0x1801642b0
__libm128_nexttoward128f | 337 | 0x180164060
__libm128_nexttoward128l | 338 | 0x180164500
__libm_f_pow2i | 339 | 0x1800d9cc0
__libm_f_powc16i8 | 340 | 0x1800d9ce0
__libm_f_powc32i8 | 341 | 0x1800dbb90
__libm_f_powc8i8 | 342 | 0x1800d9ee0
__libm_f_powcc | 343 | 0x1800da0c0
__libm_f_powci | 344 | 0x1800da120
__libm_f_powdd | 345 | 0x1800da140
__libm_f_powdi | 346 | 0x1800da150
__libm_f_powi8i4 | 347 | 0x1800da1e0
__libm_f_powi8i8 | 348 | 0x1800da270
__libm_f_powii | 349 | 0x1800da300
__libm_f_powji | 350 | 0x1800da370
__libm_f_powr16i8 | 351 | 0x1800dc110
__libm_f_powr4i8 | 352 | 0x1800da400
__libm_f_powr8i8 | 353 | 0x1800da5c0
__libm_f_powri | 354 | 0x1800da7a0
__libm_f_powrr | 355 | 0x1800da8f0
__libm_f_powzi | 356 | 0x1800da900
__libm_f_powzz | 357 | 0x1800da950
__libm_flt_rounds | 358 | 0x1800ad120
__libm_logl | 359 | 0x1800067b0
__libm_nexttoward64 | 360 | 0x18007c830
__libm_nexttoward64f | 361 | 0x18007c9d0
__libm_nexttoward64l | 362 | 0x18007cba0
__libm_pow_bb | 363 | 0x1800da9b0
__libm_pow_cc_val | 364 | 0x1800da9c0
__libm_pow_ci | 365 | 0x1800daa70
__libm_pow_ci_val | 366 | 0x1800daa80
__libm_pow_cr_val | 367 | 0x1800dab10
__libm_pow_dd | 368 | 0x1800daba0
__libm_pow_di_val | 369 | 0x1800da150
__libm_pow_dz_val | 370 | 0x1800dabc0
__libm_pow_hh | 371 | 0x1800daca0
__libm_pow_ii_val | 372 | 0x1800dacb0
__libm_pow_rc_val | 373 | 0x1800dad20
__libm_pow_ri_val | 374 | 0x1800dadb0
__libm_pow_zd_val | 375 | 0x1800dadd0
__libm_pow_zi_val | 376 | 0x1800dae70
__libm_pow_zz_val | 377 | 0x1800db0a0
__libm_setusermatherr | 378 | 0x1800aed80
__libm_setusermatherrf | 379 | 0x1800aed60
__libm_setusermatherrl | 380 | 0x1800aeda0
__libm_sse2_sincos | 381 | 0x180073b70
__libm_sse2_sincosf | 382 | 0x180073f20
__llrintq | 383 | 0x180161e80
__llroundq | 384 | 0x180162570
__log10q | 385 | 0x180002870
__log1pq | 386 | 0x180002950
__log2q | 387 | 0x180002a30
__logbq | 388 | 0x180162850
__logq | 389 | 0x180002b10
__lrintq | 390 | 0x180162b70
__lroundq | 391 | 0x180163090
__modfq | 392 | 0x180163310
__nanq | 393 | 0x1801635f0
__nearbyintq | 394 | 0x180163620
__nextafterq | 395 | 0x1801639c0
__nexttowardq | 396 | 0x180163ce0
__nintq | 397 | 0x1800e06f0
__pow_eq | 398 | 0x1800de690
__powc16i4 | 399 | 0x1800d73d0
__powc16i8 | 400 | 0x1800d7670
__powc32i4 | 401 | 0x1800d7920
__powc32i8 | 402 | 0x1800d8270
__powc8i4 | 403 | 0x1800d8bc0
__powc8i8 | 404 | 0x1800d8e50
__powi4i4 | 405 | 0x1800d90f0
__powi8i8 | 406 | 0x1800d9170
__powi_eq | 407 | 0x1800dfdb0
__powiq | 408 | 0x1800dfbc0
__powq | 409 | 0x180002c10
__powr10i4 | 410 | 0x1800d91f0
__powr10i8 | 411 | 0x1800d92c0
__powr16i4 | 412 | 0x1800d9390
__powr16i8 | 413 | 0x1800d9670
__powr4i4 | 414 | 0x1800d9970
__powr4i8 | 415 | 0x1800d9a20
__powr8i4 | 416 | 0x1800d9ad0
__powr8i8 | 417 | 0x1800d9bc0
__remainderq | 418 | 0x1800dfad0
__remquoq | 419 | 0x1800dfb40
__rintq | 420 | 0x180164820
__roundq | 421 | 0x180164c20
__rsqrtq | 422 | 0x1800e02a0
__scalblnq | 423 | 0x180164e10
__scalbnq | 424 | 0x180165460
__scalbq | 425 | 0x180165ab0
__signbit | 426 | 0x1800ae9b0
__signbitd | 427 | 0x1800ae9b0
__signbitf | 428 | 0x1800ae9c0
__signbitl | 429 | 0x1800ae9d0
__signbitq | 430 | 0x180166cf0
__signgamq | 431 | 0x1803a0a44
__significandq | 432 | 0x180166380
__sincosdq | 433 | 0x180002d00
__sincosq | 434 | 0x180002dd0
__sindq | 435 | 0x180002ea0
__sinhcoshq | 436 | 0x180002f80
__sinhq | 437 | 0x180003050
__sinq | 438 | 0x180003130
__sqrtq | 439 | 0x1800e01e0
__tandq | 440 | 0x180003210
__tanhq | 441 | 0x1800032f0
__tanq | 442 | 0x1800033d0
__tgammaq | 443 | 0x1801665a0
__truncq | 444 | 0x1801666b0
__y0q | 445 | 0x1800dcc80
__y1q | 446 | 0x1800dcd40
__ynq | 447 | 0x1800dcdc0
acos | 448 | 0x180003480
acosd | 449 | 0x1800034f0
acosdf | 450 | 0x180003500
acosdf16 | 451 | 0x1800d6a00
acosdl | 452 | 0x180021fe0
acosf | 453 | 0x180003570
acosf16 | 454 | 0x1800d66f0
acosh | 455 | 0x1800035e0
acoshf | 456 | 0x180003650
acoshf16 | 457 | 0x1800d6120
acoshl | 458 | 0x180003660
acosl | 459 | 0x180003690
acospi | 460 | 0x180003720
acospif | 461 | 0x180003790
acospif16 | 462 | 0x1800d6b70
annuity | 463 | 0x1800037a0
annuityf | 464 | 0x1800037b0
annuityf16 | 465 | 0x1800d6d00
annuityl | 466 | 0x180025fe0
asin | 467 | 0x180003820
asind | 468 | 0x180003890
asindf | 469 | 0x1800038a0
asindf16 | 470 | 0x1800d6a20
asindl | 471 | 0x1800298b0
asinf | 472 | 0x180003910
asinf16 | 473 | 0x1800d6710
asinh | 474 | 0x180003980
asinhf | 475 | 0x1800039f0
asinhf16 | 476 | 0x1800d6140
asinhl | 477 | 0x180003a00
asinl | 478 | 0x180003a30
asinpi | 479 | 0x180003ac0
asinpif | 480 | 0x180003b30
asinpif16 | 481 | 0x1800d6b90
atan | 482 | 0x180003ba0
atan2 | 483 | 0x180003c20
atan2d | 484 | 0x180003c30
atan2df | 485 | 0x180003c40
atan2df16 | 486 | 0x1800d6a60
atan2dl | 487 | 0x180003c50
atan2f | 488 | 0x180003d00
atan2f16 | 489 | 0x1800d67b0
atan2l | 490 | 0x180003d10
atan2pi | 491 | 0x180003dc0
atan2pif | 492 | 0x180003e40
atan2pif16 | 493 | 0x1800d6f80
atand | 494 | 0x180003e50
atand2 | 495 | 0x180003e60
atand2f | 496 | 0x180003e70
atand2l | 497 | 0x180003e80
atandf | 498 | 0x180003ec0
atandf16 | 499 | 0x1800d6a40
atandl | 500 | 0x1800300d0
atanf | 501 | 0x180003f30
atanf16 | 502 | 0x1800d6730
atanh | 503 | 0x180003fa0
atanhf | 504 | 0x180004010
atanhf16 | 505 | 0x1800d6750
atanhl | 506 | 0x180004020
atanl | 507 | 0x180004050
atanpi | 508 | 0x1800040e0
atanpif | 509 | 0x180004150
atanpif16 | 510 | 0x1800d6fb0
cabs | 511 | 0x18009a910
cabsf | 512 | 0x18009a930
cabsl | 513 | 0x1800a43a0
cacos | 514 | 0x180004160
cacosf | 515 | 0x18009b070
cacosh | 516 | 0x1800041b0
cacoshf | 517 | 0x18009b870
cacoshl | 518 | 0x1800a43e0
cacosl | 519 | 0x180004200
carg | 520 | 0x18009b920
cargf | 521 | 0x18009b940
cargl | 522 | 0x180004260
casin | 523 | 0x18009b970
casinf | 524 | 0x18009ba30
casinh | 525 | 0x1800042c0
casinhf | 526 | 0x180004310
casinhl | 527 | 0x180004320
casinl | 528 | 0x1800a5290
catan | 529 | 0x18009c260
catanf | 530 | 0x18009c320
catanh | 531 | 0x180004380
catanhf | 532 | 0x1800043d0
catanhl | 533 | 0x1800043e0
catanl | 534 | 0x1800a7af0
cbrt | 535 | 0x1800044a0
cbrtf | 536 | 0x180004510
cbrtf16 | 537 | 0x1800d68a0
cbrtl | 538 | 0x180004520
ccos | 539 | 0x18009cbe0
ccosf | 540 | 0x18009cc70
ccosh | 541 | 0x180004550
ccoshf | 542 | 0x1800045a0
ccoshl | 543 | 0x1800045b0
ccosl | 544 | 0x1800a8360
cdfnorm | 545 | 0x180004610
cdfnormf | 546 | 0x180004620
cdfnorminv | 547 | 0x180004630
cdfnorminvf | 548 | 0x180004640
cdfnorminvf16 | 549 | 0x1800d6d50
ceil | 550 | 0x1800046b0
ceilf | 551 | 0x180004720
ceilf16 | 552 | 0x1800d63c0
ceill | 553 | 0x18003adb0
cexp | 554 | 0x1800047c0
cexp10 | 555 | 0x180004890
cexp10f | 556 | 0x180004880
cexp10l | 557 | 0x1800048e0
cexp2 | 558 | 0x180004950
cexp2f | 559 | 0x180004940
cexp2l | 560 | 0x1800049a0
cexpf | 561 | 0x18009e590
cexpl | 562 | 0x180004820
cimag | 563 | 0x18009ed50
cimagf | 564 | 0x18009ed60
cimagl | 565 | 0x1800a9890
cis | 566 | 0x18009ed70
cisd | 567 | 0x18009edc0
cisdf | 568 | 0x18009ee10
cisdl | 569 | 0x1800a98a0
cisf | 570 | 0x18009ee60
cisl | 571 | 0x1800a9900
clog | 572 | 0x180004a00
clog10 | 573 | 0x18009eeb0
clog10f | 574 | 0x18009f6e0
clog10l | 575 | 0x1800a9960
clog2 | 576 | 0x18009f760
clog2f | 577 | 0x18009ff80
clog2l | 578 | 0x1800aa2d0
clogf | 579 | 0x180004a50
clogl | 580 | 0x180004a60
compound | 581 | 0x180004ac0
compoundf | 582 | 0x180004ad0
compoundf16 | 583 | 0x1800d6d70
compoundl | 584 | 0x18003bc80
conj | 585 | 0x1800a15e0
conjf | 586 | 0x1800a1600
conjl | 587 | 0x1800ab550
copysign | 588 | 0x180004b50
copysignf | 589 | 0x180004bd0
copysignf16 | 590 | 0x1800d64f0
copysignl | 591 | 0x18003c890
cos | 592 | 0x180004c40
cosd | 593 | 0x180004cb0
cosdf | 594 | 0x180004d20
cosdf16 | 595 | 0x1800d6ac0
cosdl | 596 | 0x180004d30
cosf | 597 | 0x180004dc0
cosf16 | 598 | 0x1800d6100
cosh | 599 | 0x180004e30
coshf | 600 | 0x180004ea0
coshf16 | 601 | 0x1800d6770
coshl | 602 | 0x180004eb0
cosl | 603 | 0x180004ee0
cospi | 604 | 0x180004f70
cospif | 605 | 0x180004fe0
cospif16 | 606 | 0x1800d6fd0
cot | 607 | 0x180004ff0
cotd | 608 | 0x180005060
cotdf | 609 | 0x1800050d0
cotdf16 | 610 | 0x1800d6ae0
cotdl | 611 | 0x180042500
cotf | 612 | 0x1800050e0
cotf16 | 613 | 0x1800d6970
cotl | 614 | 0x180043240
cpow | 615 | 0x1800a1620
cpowf | 616 | 0x1800a23f0
cpowl | 617 | 0x1800ad070
cproj | 618 | 0x1800a24a0
cprojf | 619 | 0x1800a2500
cprojl | 620 | 0x1800ab570
creal | 621 | 0x1800a2560
crealf | 622 | 0x1800a2570
creall | 623 | 0x1800ab630
csin | 624 | 0x1800a2580
csinf | 625 | 0x1800a2640
csinh | 626 | 0x1800050f0
csinhf | 627 | 0x180005140
csinhl | 628 | 0x180005150
csinl | 629 | 0x1800abcd0
csqrt | 630 | 0x1800051b0
csqrtf | 631 | 0x180005200
csqrtl | 632 | 0x1800abe20
ctan | 633 | 0x1800a3a10
ctanf | 634 | 0x1800a3ad0
ctanh | 635 | 0x180005210
ctanhf | 636 | 0x180005260
ctanhl | 637 | 0x180005270
ctanl | 638 | 0x1800acf20
erf | 639 | 0x180008980
erfc | 640 | 0x180008a60
erfcf | 641 | 0x1800089f0
erfcf16 | 642 | 0x1800d6360
erfcinv | 643 | 0x180044690
erfcinvf | 644 | 0x1800052d0
erfcl | 645 | 0x18004a5e0
erfcx | 646 | 0x1800052e0
erfcxf | 647 | 0x1800052f0
erff | 648 | 0x180008910
erff16 | 649 | 0x1800d68f0
erfinv | 650 | 0x180005300
erfinvf | 651 | 0x180005310
erfinvf16 | 652 | 0x1800d6da0
erfinvl | 653 | 0x18004d030
erfl | 654 | 0x18004caf0
exp | 655 | 0x180005380
exp10 | 656 | 0x1800053f0
exp10f | 657 | 0x180005460
exp10f16 | 658 | 0x1800d6c20
exp10l | 659 | 0x180005470
exp2 | 660 | 0x180005500
exp2f | 661 | 0x180005570
exp2f16 | 662 | 0x1800d6800
exp2l | 663 | 0x180005580
expf | 664 | 0x180005610
expf16 | 665 | 0x1800d6180
expl | 666 | 0x180005620
expm1 | 667 | 0x1800056b0
expm1f | 668 | 0x180005720
expm1f16 | 669 | 0x1800d61a0
expm1l | 670 | 0x180051ea0
f_pow2i | 671 | 0x1800d9cc0
f_powc16i8 | 672 | 0x1800d9ce0
f_powc32i8 | 673 | 0x1800dbb90
f_powc8i8 | 674 | 0x1800d9ee0
f_powcc | 675 | 0x1800da0c0
f_powci | 676 | 0x1800da120
f_powdd | 677 | 0x1800da140
f_powdi | 678 | 0x1800da150
f_powi8i4 | 679 | 0x1800db1e0
f_powi8i8 | 680 | 0x1800db270
f_powii | 681 | 0x1800db300
f_powji | 682 | 0x1800db370
f_powr16i8 | 683 | 0x1800dc430
f_powr4i8 | 684 | 0x1800db400
f_powr8i8 | 685 | 0x1800db5c0
f_powri | 686 | 0x1800db7a0
f_powrr | 687 | 0x1800da8f0
f_powzi | 688 | 0x1800da900
f_powzz | 689 | 0x1800da950
fabs | 690 | 0x180005730
fabsf | 691 | 0x180005740
fabsf16 | 692 | 0x1800d62e0
fabsl | 693 | 0x180005750
fdim | 694 | 0x1800057f0
fdimf | 695 | 0x180005870
fdimf16 | 696 | 0x1800d6590
fdiml | 697 | 0x180052990
feclearexcept | 698 | 0x1800ad170
fedisableexcept | 699 | 0x1800ad200
feenableexcept | 700 | 0x1800ad2e0
fegetenv | 701 | 0x180005880
fegetexcept | 702 | 0x1800ad5c0
fegetexceptflag | 703 | 0x1800ad640
fegetround | 704 | 0x180005890
feholdexcept | 705 | 0x1800ad720
feraiseexcept | 706 | 0x1800058a0
fesetenv | 707 | 0x1800058b0
fesetexceptflag | 708 | 0x1800adc10
fesetround | 709 | 0x1800058c0
fetestexcept | 710 | 0x1800058d0
feupdateenv | 711 | 0x1800ade70
finite | 712 | 0x1800a1490
finited | 713 | 0x1800a1490
finitef | 714 | 0x1800ae000
finitef16 | 715 | 0x1800d7030
finitel | 716 | 0x1800ae020
floor | 717 | 0x180005940
floorf | 718 | 0x1800059b0
floorf16 | 719 | 0x1800d63e0
floorl | 720 | 0x180052e30
fma | 721 | 0x180005a50
fmaf | 722 | 0x180005af0
fmaf16 | 723 | 0x1800d6600
fmal | 724 | 0x180055000
fmax | 725 | 0x180005b70
fmaxf | 726 | 0x180005bf0
fmaxf16 | 727 | 0x1800d65c0
fmaxl | 728 | 0x180055ea0
fmin | 729 | 0x180005c70
fminf | 730 | 0x180005cf0
fminf16 | 731 | 0x1800d65e0
fminl | 732 | 0x180056070
fmod | 733 | 0x180005d70
fmodf | 734 | 0x180005df0
fmodf16 | 735 | 0x1800d6910
fmodl | 736 | 0x180056b50
fpclassify | 737 | 0x1800adeb0
fpclassifyd | 738 | 0x1800adeb0
fpclassifyf | 739 | 0x1800adf10
fpclassifyf16 | 740 | 0x1800d7050
fpclassifyl | 741 | 0x1800adf50
frexp | 742 | 0x180005e70
frexpf | 743 | 0x180005e80
frexpf16 | 744 | 0x1800d61c0
frexpl | 745 | 0x180005e90
gamma | 746 | 0x18005c6e0
gamma_r | 747 | 0x18005e800
gammaf | 748 | 0x18005ecf0
gammaf16 | 749 | 0x1800d6380
gammaf16_r | 750 | 0x1800d6de0
gammaf_r | 751 | 0x18005fcd0
gammal | 752 | 0x18005ffd0
gammal_r | 753 | 0x1800619c0
hypot | 754 | 0x180005f30
hypotf | 755 | 0x180005fb0
hypotf16 | 756 | 0x1800d6300
hypotl | 757 | 0x180005fc0
ilogb | 758 | 0x180006060
ilogbf | 759 | 0x180006070
ilogbf16 | 760 | 0x1800d61e0
ilogbl | 761 | 0x1800580e0
invsqrt | 762 | 0x180006080
invsqrtf | 763 | 0x180006090
invsqrtf16 | 764 | 0x1800d6c70
invsqrtl | 765 | 0x1800060a0
isfinite | 766 | 0x1800a1490
isfinited | 767 | 0x1800a1490
isfinitef | 768 | 0x1800ae000
isfinitef16 | 769 | 0x1800d7030
isfinitel | 770 | 0x1800ae020
isgreater | 771 | 0x1800ae0b0
isgreaterequal | 772 | 0x1800ae1e0
isgreaterequalf | 773 | 0x1800ae1a0
isgreaterequalf16 | 774 | 0x1800d6650
isgreaterequall | 775 | 0x1800ae230
isgreaterf | 776 | 0x1800ae070
isgreaterf16 | 777 | 0x1800d6630
isgreaterl | 778 | 0x1800ae100
isinf | 779 | 0x1800ae2d0
isinfd | 780 | 0x1800ae2d0
isinff | 781 | 0x1800ae310
isinff16 | 782 | 0x1800d70b0
isinfl | 783 | 0x1800ae340
isless | 784 | 0x1800ae3f0
islessequal | 785 | 0x1800ae520
islessequalf | 786 | 0x1800ae4e0
islessequalf16 | 787 | 0x1800d6690
islessequall | 788 | 0x1800ae570
islessf | 789 | 0x1800ae3b0
islessf16 | 790 | 0x1800d6670
islessgreater | 791 | 0x1800ae650
islessgreaterf | 792 | 0x1800ae610
islessgreaterf16 | 793 | 0x1800d66b0
islessgreaterl | 794 | 0x1800ae6a0
islessl | 795 | 0x1800ae440
isnan | 796 | 0x1800ae740
isnand | 797 | 0x1800ae740
isnanf | 798 | 0x1800ae770
isnanf16 | 799 | 0x1800d70e0
isnanl | 800 | 0x1800ae790
isnormal | 801 | 0x1800ae7f0
isnormald | 802 | 0x1800ae7f0
isnormalf | 803 | 0x1800ae820
isnormalf16 | 804 | 0x1800d7110
isnormall | 805 | 0x1800ae840
isunordered | 806 | 0x1800ae8b0
isunorderedf | 807 | 0x1800ae8f0
isunorderedf16 | 808 | 0x1800d66d0
isunorderedl | 809 | 0x1800ae920
j0 | 810 | 0x1800060d0
j0f | 811 | 0x1800060e0
j0f16 | 812 | 0x1800d6e00
j0l | 813 | 0x180059180
j1 | 814 | 0x1800060f0
j1f | 815 | 0x180006100
j1f16 | 816 | 0x1800d6e20
j1l | 817 | 0x180059f10
jn | 818 | 0x180006110
jnf | 819 | 0x180006120
jnf16 | 820 | 0x1800d6e40
jnl | 821 | 0x18005bd60
ldexp | 822 | 0x1800061a0
ldexpf | 823 | 0x1800061b0
ldexpf16 | 824 | 0x1800d61f0
ldexpl | 825 | 0x18005c310
lgamma | 826 | 0x18005c6e0
lgamma_r | 827 | 0x18005e800
lgammaf | 828 | 0x18005ecf0
lgammaf16 | 829 | 0x1800d6380
lgammaf16_r | 830 | 0x1800d6de0
lgammaf_r | 831 | 0x18005fcd0
lgammal | 832 | 0x18005ffd0
lgammal_r | 833 | 0x1800619c0
llrint | 834 | 0x180006220
llrintf | 835 | 0x180006290
llrintf16 | 836 | 0x1800d6450
llrintl | 837 | 0x1800753e0
llround | 838 | 0x180006300
llroundf | 839 | 0x180006370
llroundf16 | 840 | 0x1800d6490
llroundl | 841 | 0x180075930
log | 842 | 0x1800063e0
log10 | 843 | 0x180006450
log10f | 844 | 0x1800064c0
log10f16 | 845 | 0x1800d6840
log10l | 846 | 0x1800765b0
log1p | 847 | 0x180006530
log1pf | 848 | 0x1800065a0
log1pf16 | 849 | 0x1800d6860
log1pl | 850 | 0x1800065b0
log2 | 851 | 0x180006640
log2f | 852 | 0x1800066b0
log2f16 | 853 | 0x1800d6880
log2l | 854 | 0x180078180
logb | 855 | 0x180006720
logbf | 856 | 0x180006730
logbf16 | 857 | 0x1800d6210
logbl | 858 | 0x180078dd0
logf | 859 | 0x1800067a0
logf16 | 860 | 0x1800d6820
logl | 861 | 0x1800067b0
lrint | 862 | 0x180006840
lrintf | 863 | 0x1800068b0
lrintf16 | 864 | 0x1800d6440
lrintl | 865 | 0x180079990
lround | 866 | 0x180006920
lroundf | 867 | 0x180006990
lroundf16 | 868 | 0x1800d6480
lroundl | 869 | 0x180079e50
matherr | 870 | 0x1800069a0
matherrf | 871 | 0x1800069a0
matherrl | 872 | 0x1800069a0
maxmag | 873 | 0x180006a20
maxmagf | 874 | 0x180006aa0
maxmagf16 | 875 | 0x1800d6ee0
minmag | 876 | 0x180006b20
minmagf | 877 | 0x180006ba0
minmagf16 | 878 | 0x1800d6f10
modf | 879 | 0x180006c20
modff | 880 | 0x180006c30
modff16 | 881 | 0x1800d6230
modfl | 882 | 0x18007a2c0
nan | 883 | 0x18007a4b0
nanf | 884 | 0x18007a490
nanf16 | 885 | 0x1800d6510
nanl | 886 | 0x18007a4f0
nearbyint | 887 | 0x180006ca0
nearbyintf | 888 | 0x180006d10
nearbyintf16 | 889 | 0x1800d6400
nearbyintl | 890 | 0x180006d20
nextafter | 891 | 0x180006dc0
nextafterf | 892 | 0x180006e40
nextafterf16 | 893 | 0x1800d6530
nextafterl | 894 | 0x18007bb50
nexttoward | 895 | 0x180006ec0
nexttowardf | 896 | 0x180006f50
nexttowardf16 | 897 | 0x1800d6560
nexttowardl | 898 | 0x18007c500
pow | 899 | 0x180006fe0
pow2o3 | 900 | 0x180007050
pow2o3f | 901 | 0x1800070c0
pow2o3f16 | 902 | 0x1800d6c90
pow3o2 | 903 | 0x180007130
pow3o2f | 904 | 0x1800071a0
pow3o2f16 | 905 | 0x1800d6cb0
pow_bb | 906 | 0x1800da9b0
pow_cc_val | 907 | 0x1800da9c0
pow_ci | 908 | 0x1800daa70
pow_ci_val | 909 | 0x1800daa80
pow_cr_val | 910 | 0x1800dab10
pow_dd | 911 | 0x1800daba0
pow_di_val | 912 | 0x1800da150
pow_dz_val | 913 | 0x1800dabc0
pow_hh | 914 | 0x1800daca0
pow_ii_val | 915 | 0x1800db8f0
pow_rc_val | 916 | 0x1800dad20
pow_ri_val | 917 | 0x1800dadb0
pow_zd_val | 918 | 0x1800dadd0
pow_zi_val | 919 | 0x1800db960
pow_zz_val | 920 | 0x1800db0a0
powf | 921 | 0x180007220
powf16 | 922 | 0x1800d68c0
powl | 923 | 0x180007230
powr | 924 | 0x1800072e0
powrf | 925 | 0x180007360
powrf16 | 926 | 0x1800d6cd0
remainder | 927 | 0x1800073e0
remainderf | 928 | 0x180007460
remainderf16 | 929 | 0x1800d6940
remainderl | 930 | 0x1800815d0
remquo | 931 | 0x180007470
remquof | 932 | 0x180007480
remquof16 | 933 | 0x1800d64c0
remquol | 934 | 0x180081e90
rint | 935 | 0x1800074f0
rintf | 936 | 0x180007560
rintf16 | 937 | 0x1800d6420
rintl | 938 | 0x180082950
round | 939 | 0x1800075d0
roundf | 940 | 0x180007640
roundf16 | 941 | 0x1800d6460
roundl | 942 | 0x180082d10
scalb | 943 | 0x1800076c0
scalbf | 944 | 0x1800076d0
scalbf16 | 945 | 0x1800d6c40
scalbl | 946 | 0x180083750
scalbln | 947 | 0x180007750
scalblnf | 948 | 0x180007760
scalblnf16 | 949 | 0x1800d62c0
scalblnl | 950 | 0x1800841e0
scalbn | 951 | 0x1800077e0
scalbnf | 952 | 0x1800077f0
scalbnf16 | 953 | 0x1800d62a0
scalbnl | 954 | 0x180084a60
signbit | 955 | 0x1800ae9b0
signbitd | 956 | 0x1800ae9b0
signbitf | 957 | 0x1800ae9c0
signbitl | 958 | 0x1800ae9d0
signgam | 959 | 0x18035fe88
signgamq | 960 | 0x1803a0a48
significand | 961 | 0x180007860
significandf | 962 | 0x1800078d0
significandf16 | 963 | 0x1800d6ec0
significandl | 964 | 0x180084e70
sin | 965 | 0x180007940
sincos | 966 | 0x1800079c0
sincosd | 967 | 0x180007a40
sincosdf | 968 | 0x180007ac0
sincosdf16 | 969 | 0x1800d6b00
sincosdl | 970 | 0x180007ad0
sincosf | 971 | 0x180007b60
sincosf16 | 972 | 0x1800d6990
sincosl | 973 | 0x180007b70
sincospi | 974 | 0x180007c00
sincospif | 975 | 0x180007c80
sind | 976 | 0x180007cf0
sindf | 977 | 0x180007d60
sindf16 | 978 | 0x1800d6f40
sindl | 979 | 0x180007d70
sinf | 980 | 0x180007e00
sinf16 | 981 | 0x1800d60e0
sinh | 982 | 0x180007e70
sinhcosh | 983 | 0x180007ef0
sinhcoshf | 984 | 0x180007f70
sinhcoshf16 | 985 | 0x1800d6bb0
sinhcoshl | 986 | 0x180007f80
sinhf | 987 | 0x180008000
sinhf16 | 988 | 0x1800d6160
sinhl | 989 | 0x180008010
sinl | 990 | 0x180008040
sinpi | 991 | 0x1800080d0
sinpif | 992 | 0x180008140
sinpif16 | 993 | 0x1800d6ff0
sqrt | 994 | 0x180008150
sqrtf | 995 | 0x1800081c0
sqrtf16 | 996 | 0x1800d6330
sqrtl | 997 | 0x1800081d0
tan | 998 | 0x180008260
tand | 999 | 0x1800082d0
tandf | 1000 | 0x180008340
tandf16 | 1001 | 0x1800d6f60
tandl | 1002 | 0x180091170
tanf | 1003 | 0x1800083b0
tanf16 | 1004 | 0x1800d67e0
tanh | 1005 | 0x180008420
tanhf | 1006 | 0x180008490
tanhf16 | 1007 | 0x1800d6790
tanhl | 1008 | 0x1800084a0
tanl | 1009 | 0x1800084d0
tanpi | 1010 | 0x180008560
tanpif | 1011 | 0x1800085d0
tanpif16 | 1012 | 0x1800d7010
tgamma | 1013 | 0x1800085e0
tgammaf | 1014 | 0x1800085f0
tgammaf16 | 1015 | 0x1800d63a0
tgammal | 1016 | 0x1800951c0
trunc | 1017 | 0x180008660
truncf | 1018 | 0x180008670
truncf16 | 1019 | 0x1800d64a0
truncl | 1020 | 0x180096940
y0 | 1021 | 0x180008680
y0f | 1022 | 0x180008690
y0f16 | 1023 | 0x1800d6e60
y0l | 1024 | 0x180097ea0
y1 | 1025 | 0x1800086a0
y1f | 1026 | 0x1800086b0
y1f16 | 1027 | 0x1800d6e80
y1l | 1028 | 0x180099070
yn | 1029 | 0x1800086c0
ynf | 1030 | 0x1800086d0
ynf16 | 1031 | 0x1800d6ea0
ynl | 1032 | 0x18009a700
Language of compilation system | Country where language is spoken | Map
English | United States |
No network behavior found

Target ID:0
Start time:05:33:56
Start date:27/07/2024
Path:C:\Windows\System32\loaddll64.exe
Wow64 process (32bit):false
Commandline:loaddll64.exe "C:\Users\user\Desktop\libmmd.dll.dll"
Imagebase:0x7ff7807a0000
File size:165'888 bytes
MD5 hash:763455F9DCB24DFEECC2B9D9F8D46D52
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:1
Start time:05:33:56
Start date:27/07/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:2
Start time:05:33:56
Start date:27/07/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1
Imagebase:0x7ff6a6950000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:05:33:56
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,_LIB_VERSIONIMF
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:05:33:56
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",#1
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:05:33:56
Start date:27/07/2024
Path:C:\Windows\System32\WerFault.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\WerFault.exe -u -p 5572 -s 328
Imagebase:0x7ff6bbf10000
File size:570'736 bytes
MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:05:33:56
Start date:27/07/2024
Path:C:\Windows\System32\WerFault.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\WerFault.exe -u -p 5180 -s 328
Imagebase:0x7ff6bbf10000
File size:570'736 bytes
MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:05:33:59
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acosdq
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:05:33:59
Start date:27/07/2024
Path:C:\Windows\System32\WerFault.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\WerFault.exe -u -p 7212 -s 328
Imagebase:0x7ff6bbf10000
File size:570'736 bytes
MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:05:34:02
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe C:\Users\user\Desktop\libmmd.dll.dll,__acoshq
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:15
Start time:05:34:02
Start date:27/07/2024
Path:C:\Windows\System32\WerFault.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\WerFault.exe -u -p 7360 -s 320
Imagebase:0x7ff6bbf10000
File size:570'736 bytes
MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:16
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",_LIB_VERSIONIMF
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:17
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",__acosdq
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",__acoshq
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynl
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:20
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynf16
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",ynf
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:22
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",yn
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:23
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1l
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:24
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1f16
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:25
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1f
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:26
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y1
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0l
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:28
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0f16
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0f
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:30
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",y0
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncl
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncf16
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",truncf
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",trunc
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:05:34:05
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammal
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:38
Start time:05:34:06
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammaf16
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:05:34:06
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgammaf
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:41
Start time:05:34:06
Start date:27/07/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Users\user\Desktop\libmmd.dll.dll",tgamma
Imagebase:0x7ff633fb0000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true


    Execution Graph

    Execution Coverage:0.1%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:50%
    Total number of Nodes:44
    Total number of Limit Nodes:2
    execution_graph 16405 7ffdfb4b5260 16406 7ffdfb5542e0 16405->16406 16411 7ffdfb4b5210 16406->16411 16425 7ffdfb553b40 16411->16425 16414 7ffdfb6248d0 8 API calls 16415 7ffdfb4b5257 16414->16415 16416 7ffdfb6248d0 16415->16416 16417 7ffdfb6248d9 16416->16417 16418 7ffdfb554396 16417->16418 16419 7ffdfb624d00 IsProcessorFeaturePresent 16417->16419 16420 7ffdfb624d18 16419->16420 16452 7ffdfb624ef4 RtlCaptureContext 16420->16452 16426 7ffdfb553b9a 16425->16426 16429 7ffdfb553bbd 16425->16429 16426->16429 16434 7ffdfb553bf1 16426->16434 16427 7ffdfb553bec 16430 7ffdfb4b8420 3 API calls 16427->16430 16428 7ffdfb553ca2 16431 7ffdfb553c08 16428->16431 16432 7ffdfb553cbe 16428->16432 16436 7ffdfb55400d 16428->16436 16429->16427 16429->16428 16430->16431 16441 7ffdfb6248d0 8 API calls 16431->16441 16443 7ffdfb4b8420 CreateFileW 16432->16443 16434->16431 16448 7ffdfb521290 16434->16448 16435 7ffdfb55401f 16438 7ffdfb4b8420 3 API calls 16435->16438 16436->16435 16437 7ffdfb5542ac 16436->16437 16439 7ffdfb4b8420 3 API calls 16437->16439 16438->16431 16439->16431 16442 7ffdfb4b5242 16441->16442 16442->16414 16444 7ffdfb4b844c 16443->16444 16445 7ffdfb4b86da 16443->16445 16446 7ffdfb4b846a GetProcessHeap HeapAlloc 16444->16446 16445->16431 16447 7ffdfb4b8497 16446->16447 16447->16445 16451 7ffdfb5212e7 16448->16451 16449 7ffdfb6248d0 8 API calls 16450 7ffdfb521513 16449->16450 16450->16431 16451->16449 16453 7ffdfb624f0e RtlLookupFunctionEntry 16452->16453 16454 7ffdfb624d2b 16453->16454 16455 7ffdfb624f24 RtlVirtualUnwind 16453->16455 16456 7ffdfb624ccc SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 16454->16456 16455->16453 16455->16454 16457 7ffdfb4b830e 16458 7ffdfb4b8325 16457->16458 16459 7ffdfb4b8342 GetProcessHeap RtlAllocateHeap 16458->16459 16460 7ffdfb4b836d 16459->16460 16460->16460

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID: Heap$AllocCreateFileProcess
    • String ID:
    • API String ID: 3203875786-0
    • Opcode ID: 2d9733e9c9f357357592a8d9fb725a563b86b74d139ad321112a9bbe39b3b16f
    • Instruction ID: 149af692fd1ab315c5f17e023e2b7c5f9bbc79d92c1502df8cc7a40b21c95c7f
    • Opcode Fuzzy Hash: 2d9733e9c9f357357592a8d9fb725a563b86b74d139ad321112a9bbe39b3b16f
    • Instruction Fuzzy Hash: 8971A332B1A78286EB10CF29A460AA9B765FFC5B84F449235DE5D077A9DF3CE041CB04

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID: Heap$AllocateProcess
    • String ID:
    • API String ID: 1357844191-0
    • Opcode ID: a862e8544bebae12cc5a9c17f0a728a48d4b76f78a33045e262ab66a77b43016
    • Instruction ID: dbee6fe987733851ef95727ff6429aec345b2463b084fc8d401bf6a73f4028ae
    • Opcode Fuzzy Hash: a862e8544bebae12cc5a9c17f0a728a48d4b76f78a33045e262ab66a77b43016
    • Instruction Fuzzy Hash: C331D126B0AA9286D7249F15D460ABD77A1FB88B44F049134CA5E573FCEF7E94418B00

    Control-flow Graph

    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID: $Genu$ineI$ntel
    • API String ID: 0-3800267741
    • Opcode ID: 99e989276af72c8e815189a1b2a21291dc0bc2fe3b05ec1a40957390aae53259
    • Instruction ID: d3890417255b1ff5cdc9024a1700d07e59eceaa120525a1d6ac0cbb96ceb12ea
    • Opcode Fuzzy Hash: 99e989276af72c8e815189a1b2a21291dc0bc2fe3b05ec1a40957390aae53259
    • Instruction Fuzzy Hash: DD5168B1B1D7428AFB648B19E060B26B6D1EBC5355F108139EE9D86BD8DB3DD8418F00

    Control-flow Graph

    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1d763e1d6cc68028e6b2d2eea794fda0841ceffb1f6cd5f323a665f52420f494
    • Instruction ID: 7a9968d3bda245cafaaf3eee1a96e6da21ca1ef04d44c8e0c645af621bb75408
    • Opcode Fuzzy Hash: 1d763e1d6cc68028e6b2d2eea794fda0841ceffb1f6cd5f323a665f52420f494
    • Instruction Fuzzy Hash: F4B3B337928F8489C353CE34A45253BA779EFDB2E5F116306FA8B55D2ACF68D142DA00

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 152 7ffdfb4f4690-7ffdfb4f472b 153 7ffdfb4f4744-7ffdfb4f474c 152->153 154 7ffdfb4f472d-7ffdfb4f4735 152->154 157 7ffdfb4f47dc-7ffdfb4f47e0 153->157 158 7ffdfb4f4752-7ffdfb4f475e 153->158 155 7ffdfb4f473b-7ffdfb4f473f 154->155 156 7ffdfb4f47f8-7ffdfb4f4837 call 7ffdfb55eeb0 154->156 160 7ffdfb4f92f4 155->160 169 7ffdfb4f92fa-7ffdfb4f9372 call 7ffdfb6248d0 156->169 162 7ffdfb4f47e8-7ffdfb4f47f0 157->162 163 7ffdfb4f47e2 157->163 158->157 161 7ffdfb4f4760-7ffdfb4f47a2 158->161 160->169 167 7ffdfb4f483c-7ffdfb4f487e 161->167 168 7ffdfb4f47a8-7ffdfb4f47b4 161->168 162->156 165 7ffdfb4f47f2 162->165 163->162 164 7ffdfb4f488f-7ffdfb4f48d4 call 7ffdfb55eeb0 163->164 164->169 165->156 165->164 171 7ffdfb4f69fa-7ffdfb4f6a26 167->171 172 7ffdfb4f4884-7ffdfb4f488a 167->172 174 7ffdfb4f48d9-7ffdfb4f69f5 168->174 175 7ffdfb4f47ba-7ffdfb4f47c2 168->175 177 7ffdfb4f6a2c-7ffdfb4f92ea 171->177 172->177 179 7ffdfb4f92f0 174->179 180 7ffdfb4f47c8 175->180 181 7ffdfb4f9373-7ffdfb4fa0fc 175->181 177->179 179->160 180->181 182 7ffdfb4f47ce-7ffdfb4f47d7 180->182 181->160 182->169
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 112e599dd39b663bb0fdac5e8b54a5a16eb251792ea24bf8d5de669bb097fe55
    • Instruction ID: 379f42c4726677559288a0091802e106c243e3abea47e4c46a04918614d6a05d
    • Opcode Fuzzy Hash: 112e599dd39b663bb0fdac5e8b54a5a16eb251792ea24bf8d5de669bb097fe55
    • Instruction Fuzzy Hash: 40A3B737968F8489D353CE34A45253BAB39EFDB2D5F116306FA8A55D2ACF28D043DA40
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 748225a74ff30e70aa2d2e1619d8541cf7faeffc297aca5ffb1a756eb108b6fe
    • Instruction ID: 0e64807efa7ebdc928b9cf136ba89cb937998802d3966722f9b30a959f01a4bd
    • Opcode Fuzzy Hash: 748225a74ff30e70aa2d2e1619d8541cf7faeffc297aca5ffb1a756eb108b6fe
    • Instruction Fuzzy Hash: 2F235993F1D1D251E3732260E1753DEAF60E786B84F600A56D2D9A19EEF91FC9208EC4

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 989 7ffdfb4c7da0-7ffdfb4c7e10 990 7ffdfb4c7e16-7ffdfb4c7eb7 989->990 991 7ffdfb4c7f5e-7ffdfb4c7f85 989->991 992 7ffdfb4c7ebd-7ffdfb4c7f59 990->992 993 7ffdfb4c83ce-7ffdfb4c83d8 990->993 994 7ffdfb4c7f8b-7ffdfb4c7f90 991->994 995 7ffdfb4c8023-7ffdfb4c8039 991->995 998 7ffdfb4c84c4-7ffdfb4c84e5 call 7ffdfb6248d0 992->998 996 7ffdfb4c822c-7ffdfb4c8245 993->996 997 7ffdfb4c83de-7ffdfb4c83ee 993->997 999 7ffdfb4c829b-7ffdfb4c82b6 994->999 1000 7ffdfb4c7f96-7ffdfb4c7fa0 994->1000 1001 7ffdfb4c803b 995->1001 1002 7ffdfb4c8040-7ffdfb4c804a 995->1002 996->998 1003 7ffdfb4c81c9-7ffdfb4c81e5 997->1003 1004 7ffdfb4c83f4-7ffdfb4c83f7 997->1004 1005 7ffdfb4c82b8-7ffdfb4c82cd 999->1005 1006 7ffdfb4c8272-7ffdfb4c827a 999->1006 1007 7ffdfb4c7fa6-7ffdfb4c7ff4 1000->1007 1008 7ffdfb4c804f 1000->1008 1001->1003 1002->998 1015 7ffdfb4c81eb-7ffdfb4c81fc 1003->1015 1016 7ffdfb4c828c-7ffdfb4c8296 1003->1016 1004->999 1011 7ffdfb4c83fd-7ffdfb4c8400 1004->1011 1013 7ffdfb4c827f-7ffdfb4c8287 1005->1013 1014 7ffdfb4c82cf 1005->1014 1012 7ffdfb4c84a5-7ffdfb4c84bf call 7ffdfb55f700 1006->1012 1017 7ffdfb4c7ffa-7ffdfb4c7fff 1007->1017 1018 7ffdfb4c811f-7ffdfb4c8129 1007->1018 1010 7ffdfb4c8054-7ffdfb4c8081 1008->1010 1020 7ffdfb4c80d9-7ffdfb4c80e6 1010->1020 1021 7ffdfb4c8083-7ffdfb4c80a0 1010->1021 1022 7ffdfb4c8496-7ffdfb4c84a3 1011->1022 1023 7ffdfb4c8406-7ffdfb4c8409 1011->1023 1012->998 1013->1012 1014->998 1015->1020 1024 7ffdfb4c8202-7ffdfb4c820b 1015->1024 1016->998 1025 7ffdfb4c8005-7ffdfb4c8010 1017->1025 1026 7ffdfb4c81a7-7ffdfb4c81aa 1017->1026 1028 7ffdfb4c812b-7ffdfb4c8137 1018->1028 1029 7ffdfb4c818c-7ffdfb4c8199 1018->1029 1036 7ffdfb4c8109-7ffdfb4c8115 1020->1036 1037 7ffdfb4c80e8-7ffdfb4c8107 1020->1037 1034 7ffdfb4c80aa-7ffdfb4c80b7 1021->1034 1022->998 1030 7ffdfb4c82d4-7ffdfb4c837f 1023->1030 1031 7ffdfb4c840f-7ffdfb4c8425 1023->1031 1024->996 1038 7ffdfb4c820d-7ffdfb4c8210 1024->1038 1025->1010 1039 7ffdfb4c8012-7ffdfb4c8019 1025->1039 1026->1034 1035 7ffdfb4c81b0-7ffdfb4c81c4 1026->1035 1028->1002 1040 7ffdfb4c813d-7ffdfb4c8142 1028->1040 1032 7ffdfb4c8263-7ffdfb4c826d 1029->1032 1033 7ffdfb4c819f-7ffdfb4c81a2 1029->1033 1045 7ffdfb4c8381-7ffdfb4c8384 1030->1045 1046 7ffdfb4c839e-7ffdfb4c83a6 1030->1046 1041 7ffdfb4c8427-7ffdfb4c8443 1031->1041 1042 7ffdfb4c844e-7ffdfb4c8475 1031->1042 1032->998 1033->998 1043 7ffdfb4c8224-7ffdfb4c8227 1034->1043 1044 7ffdfb4c80bd-7ffdfb4c80c8 1034->1044 1035->1012 1048 7ffdfb4c8117-7ffdfb4c811a 1036->1048 1049 7ffdfb4c8153-7ffdfb4c815d 1036->1049 1047 7ffdfb4c80cc-7ffdfb4c80d4 1037->1047 1050 7ffdfb4c824a-7ffdfb4c8259 1038->1050 1051 7ffdfb4c8212-7ffdfb4c8220 1038->1051 1039->995 1052 7ffdfb4c8171-7ffdfb4c817e 1040->1052 1053 7ffdfb4c8144-7ffdfb4c8151 1040->1053 1059 7ffdfb4c8449 1041->1059 1060 7ffdfb4c838b-7ffdfb4c839a 1041->1060 1042->1022 1061 7ffdfb4c8477-7ffdfb4c848e 1042->1061 1043->998 1044->1047 1055 7ffdfb4c8386 1045->1055 1056 7ffdfb4c83c1-7ffdfb4c83c9 1045->1056 1046->1012 1047->1012 1048->998 1049->998 1050->1032 1054 7ffdfb4c825b-7ffdfb4c825e 1050->1054 1051->1043 1062 7ffdfb4c8222 1051->1062 1052->1032 1058 7ffdfb4c8184-7ffdfb4c8187 1052->1058 1053->1049 1057 7ffdfb4c8162-7ffdfb4c816c 1053->1057 1054->998 1055->998 1056->1012 1057->998 1058->998 1059->1056 1060->1046 1061->1030 1064 7ffdfb4c8494 1061->1064 1062->1032 1064->1041
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID: #
    • API String ID: 0-1885708031
    • Opcode ID: 03e692accf221de9e8b636625370183c9590b304654c90d0b67131d2e5f4bfe1
    • Instruction ID: 5033ae7ddfab7105a7c15318a985f8ff0e9dc28dcd7320e43b12e914c55bad97
    • Opcode Fuzzy Hash: 03e692accf221de9e8b636625370183c9590b304654c90d0b67131d2e5f4bfe1
    • Instruction Fuzzy Hash: A5F11562E3AA4349E7738635C96473A63559FA6758F34C336F42A759FCEF2CE0824500

    Control-flow Graph

    • Executed
    • Not Executed
    control_flow_graph 1065 7ffdfb4d0ec0-7ffdfb4d8459 1067 7ffdfb4d8a2a-7ffdfb4d8a2e 1065->1067 1068 7ffdfb4d845f-7ffdfb4d84b5 1065->1068 1073 7ffdfb4d8a38-7ffdfb4d8a45 1067->1073 1069 7ffdfb4d84bb-7ffdfb4d8586 1068->1069 1070 7ffdfb4d85a8-7ffdfb4d85b0 1068->1070 1074 7ffdfb4d8588-7ffdfb4d859a 1069->1074 1075 7ffdfb4d859f-7ffdfb4d85a3 1069->1075 1071 7ffdfb4d85b6-7ffdfb4d86d7 1070->1071 1072 7ffdfb4d8701-7ffdfb4d870b 1070->1072 1077 7ffdfb4d86d9-7ffdfb4d86eb 1071->1077 1078 7ffdfb4d86f0-7ffdfb4d86fc 1071->1078 1079 7ffdfb4d8795-7ffdfb4d879d 1072->1079 1080 7ffdfb4d8711-7ffdfb4d8773 1072->1080 1081 7ffdfb4d8a47-7ffdfb4d8a59 1073->1081 1082 7ffdfb4d8a5e-7ffdfb4d8a80 call 7ffdfb55f770 1073->1082 1074->1075 1076 7ffdfb4d8a85-7ffdfb4d8aa6 call 7ffdfb6248d0 1075->1076 1077->1078 1078->1076 1085 7ffdfb4d87a3-7ffdfb4d88e6 1079->1085 1086 7ffdfb4d8910-7ffdfb4d891a 1079->1086 1083 7ffdfb4d878c-7ffdfb4d8790 1080->1083 1084 7ffdfb4d8775-7ffdfb4d8787 1080->1084 1081->1082 1082->1076 1083->1076 1084->1083 1090 7ffdfb4d88e8-7ffdfb4d88fa 1085->1090 1091 7ffdfb4d88ff-7ffdfb4d890b 1085->1091 1092 7ffdfb4d89d2-7ffdfb4d89ed 1086->1092 1093 7ffdfb4d8920-7ffdfb4d893f 1086->1093 1090->1091 1091->1076 1094 7ffdfb4d8a06-7ffdfb4d8a1a 1092->1094 1095 7ffdfb4d89ef-7ffdfb4d8a01 1092->1095 1096 7ffdfb4d8941-7ffdfb4d8966 1093->1096 1097 7ffdfb4d8983-7ffdfb4d89b4 1093->1097 1100 7ffdfb4d8a1c-7ffdfb4d8a24 1094->1100 1101 7ffdfb4d8a28 1094->1101 1095->1094 1096->1092 1102 7ffdfb4d8968-7ffdfb4d897e 1096->1102 1098 7ffdfb4d89b6-7ffdfb4d89c8 1097->1098 1099 7ffdfb4d89cd 1097->1099 1098->1099 1099->1076 1100->1101 1101->1076 1102->1073
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID: =
    • API String ID: 0-2322244508
    • Opcode ID: 9ddc42a44bcf7dc5fdc33450e44dadd9ebcb590b44dbfef38383ecb755c2cc5f
    • Instruction ID: 08022701622d7efea6619003ce807402150b67c614f1b40e6f56fbc5184068c2
    • Opcode Fuzzy Hash: 9ddc42a44bcf7dc5fdc33450e44dadd9ebcb590b44dbfef38383ecb755c2cc5f
    • Instruction Fuzzy Hash: 75F18622E3AF424ED35387349461636B718AFA72C4F11D323F967B5EA9DB29E5434500

    Control-flow Graph (the rendered graph colours blocks executed / not executed; the text form below does not preserve that colouring)
    control_flow_graph 1103 7ffdfb4dc250-7ffdfb4dc291 1104 7ffdfb4dc297-7ffdfb4dc2ab 1103->1104 1105 7ffdfb4dc57f-7ffdfb4dc59a 1103->1105 1104->1105 1106 7ffdfb4dc2b1-7ffdfb4dc398 1104->1106 1107 7ffdfb4dc645-7ffdfb4dc661 1105->1107 1108 7ffdfb4dc5a0-7ffdfb4dc5a5 1105->1108 1109 7ffdfb4dc455-7ffdfb4dc45f 1106->1109 1110 7ffdfb4dc39e-7ffdfb4dc450 1106->1110 1111 7ffdfb4dc663-7ffdfb4dc672 1107->1111 1112 7ffdfb4dc68e-7ffdfb4dc692 1107->1112 1113 7ffdfb4dc5ab-7ffdfb4dc5cf 1108->1113 1114 7ffdfb4dc70e-7ffdfb4dc731 1108->1114 1120 7ffdfb4dc465-7ffdfb4dc50d 1109->1120 1121 7ffdfb4dc512-7ffdfb4dc535 1109->1121 1119 7ffdfb4dc7db-7ffdfb4dc7fc call 7ffdfb6248d0 1110->1119 1122 7ffdfb4dc697-7ffdfb4dc6ba 1111->1122 1123 7ffdfb4dc674-7ffdfb4dc689 1111->1123 1112->1119 1115 7ffdfb4dc606-7ffdfb4dc61e 1113->1115 1116 7ffdfb4dc5d1-7ffdfb4dc5d4 1113->1116 1117 7ffdfb4dc6db-7ffdfb4dc6e3 1114->1117 1118 7ffdfb4dc733-7ffdfb4dc740 1114->1118 1128 7ffdfb4dc624 1115->1128 1129 7ffdfb4dc75e-7ffdfb4dc76c 1115->1129 1124 7ffdfb4dc626-7ffdfb4dc63d 1116->1124 1125 7ffdfb4dc5d6-7ffdfb4dc5e0 1116->1125 1117->1119 1126 7ffdfb4dc747-7ffdfb4dc75c 1118->1126 1127 7ffdfb4dc742 1118->1127 1120->1119 1130 7ffdfb4dc566-7ffdfb4dc57a 1121->1130 1131 7ffdfb4dc537-7ffdfb4dc542 1121->1131 1122->1117 1132 7ffdfb4dc6bc-7ffdfb4dc6bf 1122->1132 1123->1119 1137 7ffdfb4dc793-7ffdfb4dc7b2 1124->1137 1138 7ffdfb4dc643 1124->1138 1125->1121 1134 7ffdfb4dc5e6-7ffdfb4dc5fd 1125->1134 1126->1119 1127->1119 1128->1116 1135 7ffdfb4dc78b-7ffdfb4dc78f 1129->1135 1136 7ffdfb4dc76e-7ffdfb4dc787 1129->1136 1130->1119 1139 7ffdfb4dc544-7ffdfb4dc548 1131->1139 1140 7ffdfb4dc54d-7ffdfb4dc561 1131->1140 1141 7ffdfb4dc6e8-7ffdfb4dc709 1132->1141 1142 7ffdfb4dc6c1-7ffdfb4dc6d6 1132->1142 1134->1115 1145 7ffdfb4dc7b4-7ffdfb4dc7d6 call 7ffdfb55f770 1135->1145 1146 7ffdfb4dc791 1135->1146 1144 7ffdfb4dc789 1136->1144 1136->1145 1137->1119 1138->1125 1139->1119 1140->1119 1141->1119 1142->1119 1144->1119 1145->1119 1146->1119
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID: %
    • API String ID: 0-2567322570
    • Opcode ID: e879e8d9a7ca7b9909caaecc9338ec2390779ea5072203849cc28d77a3e5c8b1
    • Instruction ID: 204a0de7e95340599c4ccfaf6d31e8042ceaf0b9d29821c39acc41acd802223b
    • Opcode Fuzzy Hash: e879e8d9a7ca7b9909caaecc9338ec2390779ea5072203849cc28d77a3e5c8b1
    • Instruction Fuzzy Hash: E6D1A251E2EF4388E7638638887167652199F772D5E15D337E92B78DFAEF2CA1834200

    Control-flow Graph (the rendered graph colours blocks executed / not executed; the text form below does not preserve that colouring)
    control_flow_graph 1148 7ffdfb4de590-7ffdfb4de5d9 1149 7ffdfb4de83c-7ffdfb4de848 1148->1149 1150 7ffdfb4de5df-7ffdfb4de5f9 1148->1150 1151 7ffdfb4de951 1149->1151 1152 7ffdfb4de84e-7ffdfb4de851 1149->1152 1153 7ffdfb4de86b-7ffdfb4de877 1150->1153 1154 7ffdfb4de5ff-7ffdfb4de666 1150->1154 1157 7ffdfb4de9d1-7ffdfb4de9d5 1151->1157 1158 7ffdfb4de953-7ffdfb4de967 1151->1158 1155 7ffdfb4de9da-7ffdfb4de9ee 1152->1155 1156 7ffdfb4de857-7ffdfb4de865 1152->1156 1159 7ffdfb4dea57 1153->1159 1160 7ffdfb4de87d-7ffdfb4de880 1153->1160 1161 7ffdfb4de66c-7ffdfb4de6ff 1154->1161 1162 7ffdfb4de704-7ffdfb4de710 1154->1162 1166 7ffdfb4dea4d-7ffdfb4dea55 1155->1166 1172 7ffdfb4de9f0-7ffdfb4de9f3 1155->1172 1156->1153 1171 7ffdfb4deab2-7ffdfb4dead3 call 7ffdfb6248d0 1157->1171 1167 7ffdfb4de969 1158->1167 1168 7ffdfb4de994-7ffdfb4de9cc 1158->1168 1165 7ffdfb4dea59-7ffdfb4dea5c 1159->1165 1159->1166 1169 7ffdfb4dea69-7ffdfb4dea89 1160->1169 1170 7ffdfb4de886-7ffdfb4de8af 1160->1170 1161->1171 1163 7ffdfb4de78c-7ffdfb4de798 1162->1163 1164 7ffdfb4de712-7ffdfb4de787 1162->1164 1175 7ffdfb4de79a-7ffdfb4de7af 1163->1175 1176 7ffdfb4de7b4-7ffdfb4de7ba 1163->1176 1164->1171 1177 7ffdfb4dea5e-7ffdfb4dea67 1165->1177 1178 7ffdfb4de9ff-7ffdfb4dea1f 1165->1178 1166->1171 1167->1166 1179 7ffdfb4de96f-7ffdfb4de98f 1167->1179 1168->1171 1169->1171 1180 7ffdfb4de8b1-7ffdfb4de8c5 1170->1180 1181 7ffdfb4de900-7ffdfb4de914 1170->1181 1173 7ffdfb4dea46-7ffdfb4dea49 1172->1173 1174 7ffdfb4de9f5-7ffdfb4de9f8 1172->1174 1186 7ffdfb4dea4b 1173->1186 1187 7ffdfb4dea24-7ffdfb4dea44 1173->1187 1174->1178 1183 7ffdfb4de9fa 1174->1183 1175->1171 1184 7ffdfb4de819-7ffdfb4de837 1176->1184 1185 7ffdfb4de7bc-7ffdfb4de814 1176->1185 1177->1171 1178->1171 1179->1171 1189 7ffdfb4de8ea-7ffdfb4de8f7 1180->1189 1190 7ffdfb4de8c7-7ffdfb4de8cd 1180->1190 1181->1184 1188 7ffdfb4de91a-7ffdfb4de91d 1181->1188 1183->1171 1184->1171 1185->1171 1192 7ffdfb4dea8b-7ffdfb4deaad call 7ffdfb55f700 1186->1192 1187->1192 1193 7ffdfb4de93c-7ffdfb4de94c 1188->1193 1194 7ffdfb4de91f-7ffdfb4de937 1188->1194 1189->1181 1195 7ffdfb4de8d4-7ffdfb4de8e1 1190->1195 1196 7ffdfb4de8cf 1190->1196 1192->1171 1193->1171 1194->1171 1195->1189 1196->1195
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID: &
    • API String ID: 0-1010288
    • Opcode ID: e3384bcdf49d8c4ae8428da9b7b44a41eb43070f33d4b6f7af649716f65371c6
    • Instruction ID: 2df540534fd66682ca668f13568a5549511313acbf2f2d303b8e675efaf91f3b
    • Opcode Fuzzy Hash: e3384bcdf49d8c4ae8428da9b7b44a41eb43070f33d4b6f7af649716f65371c6
    • Instruction Fuzzy Hash: 57C1DA21E7AA0B89EB53823755617396252AFAE384F39C737F829395FDEB2C70C15500

    Control-flow Graph (the rendered graph colours blocks executed / not executed; the text form below does not preserve that colouring)
    control_flow_graph 1198 7ffdfb4d0eb0-7ffdfb4d0f43 1200 7ffdfb4d0f49-7ffdfb4d1016 1198->1200 1201 7ffdfb4d101b-7ffdfb4d1023 1198->1201 1202 7ffdfb4d13c4-7ffdfb4d13e5 call 7ffdfb6248d0 1200->1202 1203 7ffdfb4d1029-7ffdfb4d114d 1201->1203 1204 7ffdfb4d1152-7ffdfb4d115c 1201->1204 1203->1202 1206 7ffdfb4d11e6-7ffdfb4d11ee 1204->1206 1207 7ffdfb4d1162-7ffdfb4d11e1 1204->1207 1209 7ffdfb4d12dc-7ffdfb4d12e6 1206->1209 1210 7ffdfb4d11f4-7ffdfb4d12d7 1206->1210 1207->1202 1211 7ffdfb4d12ec-7ffdfb4d130b 1209->1211 1212 7ffdfb4d137d-7ffdfb4d1391 1209->1212 1210->1202 1213 7ffdfb4d134c-7ffdfb4d137b 1211->1213 1214 7ffdfb4d130d-7ffdfb4d1332 1211->1214 1212->1202 1213->1202 1215 7ffdfb4d1393-7ffdfb4d139b 1214->1215 1216 7ffdfb4d1334-7ffdfb4d13bf call 7ffdfb55f770 1214->1216 1215->1202 1216->1202
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID: :
    • API String ID: 0-336475711
    • Opcode ID: 95378f8e9efeab19656c0c74fe394c3cdf134ef61569ba899f9c836e0b92d12d
    • Instruction ID: 3fe8fc126e7cb7b991d1893334cb7a936ebfe33c5561875ae132173013e94e68
    • Opcode Fuzzy Hash: 95378f8e9efeab19656c0c74fe394c3cdf134ef61569ba899f9c836e0b92d12d
    • Instruction Fuzzy Hash: D6C16F21E2AF434CE72386399871636A71C6FBB2D5E51D327FC2B74DB5EB19A1938100

    Control-flow Graph (the rendered graph colours blocks executed / not executed; the text form below does not preserve that colouring)
    control_flow_graph 1219 7ffdfb4b6100-7ffdfb509a1d 1221 7ffdfb509a1f-7ffdfb509a25 1219->1221 1222 7ffdfb509a91-7ffdfb509a97 1219->1222 1225 7ffdfb509ab1-7ffdfb509bd9 call 7ffdfb521030 call 7ffdfb4b8150 1221->1225 1226 7ffdfb509a2b-7ffdfb509a31 1221->1226 1223 7ffdfb509a9d-7ffdfb509aac 1222->1223 1224 7ffdfb509bf1-7ffdfb509bf9 1222->1224 1227 7ffdfb509ec7-7ffdfb509f07 call 7ffdfb6248d0 1223->1227 1224->1227 1251 7ffdfb509be4-7ffdfb509bec 1225->1251 1252 7ffdfb509bdb 1225->1252 1229 7ffdfb509bfe-7ffdfb509c12 1226->1229 1230 7ffdfb509a37-7ffdfb509a3d 1226->1230 1233 7ffdfb509c18-7ffdfb509c52 1229->1233 1234 7ffdfb509d2c 1229->1234 1235 7ffdfb509a43-7ffdfb509a49 1230->1235 1236 7ffdfb509c57-7ffdfb509d16 1230->1236 1237 7ffdfb509d33-7ffdfb509dca 1233->1237 1234->1237 1240 7ffdfb509a4f-7ffdfb509a55 1235->1240 1241 7ffdfb509de0-7ffdfb509e41 1235->1241 1242 7ffdfb509d20-7ffdfb509d27 1236->1242 1243 7ffdfb509d18 1236->1243 1244 7ffdfb509dd4-7ffdfb509ddb 1237->1244 1245 7ffdfb509dcc 1237->1245 1247 7ffdfb509e46-7ffdfb509e83 1240->1247 1248 7ffdfb509a5b-7ffdfb509a64 1240->1248 1241->1227 1242->1227 1243->1242 1244->1227 1245->1244 1247->1227 1249 7ffdfb509e85-7ffdfb509e87 1248->1249 1250 7ffdfb509a6a-7ffdfb509a8c 1248->1250 1249->1227 1253 7ffdfb509e89-7ffdfb509ec3 1249->1253 1250->1227 1251->1227 1252->1251 1253->1227
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID: nA
    • API String ID: 0-1316725957
    • Opcode ID: 9acc2828e5ef9c8e9c0a36c9a83603fa8eae80337e3397a18f3421c7b2ae394e
    • Instruction ID: 02eedd61829d0dc982be5ffffa83a19c007952778531c5bb06ff678c1b3e5d06
    • Opcode Fuzzy Hash: 9acc2828e5ef9c8e9c0a36c9a83603fa8eae80337e3397a18f3421c7b2ae394e
    • Instruction Fuzzy Hash: A2D1D322E2AF5788E367873594B16356718AF662D4F46C333F86F35AB9DF1CA0938500
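The `control_flow_graph` lines in the records above are the text left behind by the report's rendered graph images: each basic block appears as `<id> <start>-<end>` (a single address for a one-instruction block), optionally followed by one or more `call <target>`, and each edge as `<src>-><dst>`. The Python below is an added example written for this page; it is not part of the Joe Sandbox report or its IDA plugin, and the grammar it parses is inferred from the lines on this page, so treat it as an assumption. It recovers what a triager usually wants from a function graph: the address extent, entry and exit blocks, the call targets, and any edge naming a block that was never parsed, which is what a graph line split across two lines of the report looks like once parsed. The embedded sample is the graph of the function at 7ffdfb4d0eb0 copied from this page; the truncated graph used in the test is constructed.

```python
"""Parse the text form of a Joe Sandbox control-flow graph (added example for
this page, not report or plugin code). Assumed grammar, inferred from the page:
    <id> <start>[-<end>] ("call" <addr>)*   one basic block
    <src>-><dst>                            one control-flow edge
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

_EDGE = re.compile(r"^(\d+)->(\d+)$")

# Graph of the function at 7ffdfb4d0eb0, copied from this report page.
SAMPLE_CFG = (
    "control_flow_graph 1198 7ffdfb4d0eb0-7ffdfb4d0f43 1200 7ffdfb4d0f49-7ffdfb4d1016 "
    "1198->1200 1201 7ffdfb4d101b-7ffdfb4d1023 1198->1201 1202 7ffdfb4d13c4-7ffdfb4d13e5 "
    "call 7ffdfb6248d0 1200->1202 1203 7ffdfb4d1029-7ffdfb4d114d 1201->1203 "
    "1204 7ffdfb4d1152-7ffdfb4d115c 1201->1204 1203->1202 1206 7ffdfb4d11e6-7ffdfb4d11ee "
    "1204->1206 1207 7ffdfb4d1162-7ffdfb4d11e1 1204->1207 1209 7ffdfb4d12dc-7ffdfb4d12e6 "
    "1206->1209 1210 7ffdfb4d11f4-7ffdfb4d12d7 1206->1210 1207->1202 "
    "1211 7ffdfb4d12ec-7ffdfb4d130b 1209->1211 1212 7ffdfb4d137d-7ffdfb4d1391 1209->1212 "
    "1210->1202 1213 7ffdfb4d134c-7ffdfb4d137b 1211->1213 1214 7ffdfb4d130d-7ffdfb4d1332 "
    "1211->1214 1212->1202 1213->1202 1215 7ffdfb4d1393-7ffdfb4d139b 1214->1215 "
    "1216 7ffdfb4d1334-7ffdfb4d13bf call 7ffdfb55f770 1214->1216 1215->1202 1216->1202"
)


@dataclass
class Block:
    bid: int
    start: int
    end: int
    calls: list[int] = field(default_factory=list)


@dataclass
class Cfg:
    blocks: dict[int, Block]
    edges: list[tuple[int, int]]


def parse_cfg(text: str) -> Cfg:
    """Tokenise one control_flow_graph line; raises on malformed input."""
    toks = text.split()
    if toks and toks[0] == "control_flow_graph":
        toks = toks[1:]
    blocks: dict[int, Block] = {}
    edges: list[tuple[int, int]] = []
    cur = None
    i = 0
    while i < len(toks):
        m = _EDGE.match(toks[i])
        if m:
            edges.append((int(m.group(1)), int(m.group(2))))
            i += 1
        elif toks[i] == "call":  # call target belongs to the block just parsed
            if cur is None:
                raise ValueError("call target before any block")
            cur.calls.append(int(toks[i + 1], 16))
            i += 2
        else:  # block id followed by "<start>-<end>" or a single address
            lo, _, hi = toks[i + 1].partition("-")
            cur = Block(int(toks[i]), int(lo, 16), int(hi or lo, 16))
            blocks[cur.bid] = cur
            i += 2
    return Cfg(blocks, edges)


def extent(cfg: Cfg) -> tuple[int, int]:
    """Lowest start and highest end address over all blocks."""
    return (min(b.start for b in cfg.blocks.values()),
            max(b.end for b in cfg.blocks.values()))


def entry_blocks(cfg: Cfg) -> list[int]:
    """Blocks with no incoming edge; a complete function graph has exactly one."""
    targets = {d for _, d in cfg.edges}
    return sorted(b for b in cfg.blocks if b not in targets)


def exit_blocks(cfg: Cfg) -> list[int]:
    """Blocks with no outgoing edge."""
    sources = {s for s, _ in cfg.edges}
    return sorted(b for b in cfg.blocks if b not in sources)


def call_targets(cfg: Cfg) -> list[int]:
    return sorted({t for b in cfg.blocks.values() for t in b.calls})


def dangling_edges(cfg: Cfg) -> list[tuple[int, int]]:
    """Edges naming a block that was never parsed (truncated or split graph text)."""
    return [e for e in cfg.edges if e[0] not in cfg.blocks or e[1] not in cfg.blocks]


def unreachable(cfg: Cfg, entry: int) -> set[int]:
    """Blocks not reachable from `entry` by following edges."""
    succ: dict[int, list[int]] = {}
    for s, d in cfg.edges:
        succ.setdefault(s, []).append(d)
    seen, stack = set(), [entry]
    while stack:
        b = stack.pop()
        if b not in seen:
            seen.add(b)
            stack.extend(succ.get(b, []))
    return set(cfg.blocks) - seen


if __name__ == "__main__":
    g = parse_cfg(SAMPLE_CFG)
    lo, hi = extent(g)
    print(f"function {lo:x}-{hi:x}: {len(g.blocks)} blocks, {len(g.edges)} edges")
    print("entry:", entry_blocks(g), "exit:", exit_blocks(g), "calls:", [f"{t:x}" for t in call_targets(g)])
    print("dangling:", dangling_edges(g), "unreachable:", unreachable(g, entry_blocks(g)[0]))
```

For the sample graph the single entry block starts at the lowest address in the graph and the single exit block is the one calling 7ffdfb6248d0; all five graph lines on this page contain a block that calls that address, which the report does not identify and this script does not guess at. A non-empty `dangling_edges` or `unreachable` result on a graph copied from the report is a sign that the extraction, not the function, is incomplete.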
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID: ?
    • API String ID: 0-1684325040
    • Opcode ID: 743fb0690d21a2bfc34ec116a226c37de37c7f63cd3c71f2e1b9eb7cd6fc9382
    • Instruction ID: e709c79a99c56f0d76bd46a2c1ca860e5e51c813bcf866b84eb4809b4828c327
    • Opcode Fuzzy Hash: 743fb0690d21a2bfc34ec116a226c37de37c7f63cd3c71f2e1b9eb7cd6fc9382
    • Instruction Fuzzy Hash: AC319BB3F3D45243A33E4B19A810D256B90A7E9B95B456139EE0F0BBD6CD2CDB51CB80
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2a043db48796c865c5c97e7ae7ee9018aab35bded4def970419be971f03d26b4
    • Instruction ID: 29fe28a482c546313b2ba49ff47723182d88f33d4e6aaed3e8431de7c0b820b0
    • Opcode Fuzzy Hash: 2a043db48796c865c5c97e7ae7ee9018aab35bded4def970419be971f03d26b4
    • Instruction Fuzzy Hash: 5592BAA3F1F18275C36732A0D4616C96B60DB81ED0F302E5A85D6A15BFFD1B8E944EC8
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e4beefde7efc2d7f3965ed56e14acd43a5fbfea44d7cd9701e681e08f5bb9f6d
    • Instruction ID: e6e78a0118664ade83a9aa7a2412210991aeefbebce51ccc16485401e896dfb0
    • Opcode Fuzzy Hash: e4beefde7efc2d7f3965ed56e14acd43a5fbfea44d7cd9701e681e08f5bb9f6d
    • Instruction Fuzzy Hash: D3B29E22F2AF4249EB6386359471A7663189FA63D4F11D333F96B75AF9DF1CA0834240
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5eddbf0e1ebc1580ef838b8e4223f7cba4513b7c02958abe12947a35bb69c871
    • Instruction ID: 793cef4082eca6590e048c49e8dade1157d8c6d3c92c5bb2d4f904ea74548c66
    • Opcode Fuzzy Hash: 5eddbf0e1ebc1580ef838b8e4223f7cba4513b7c02958abe12947a35bb69c871
    • Instruction Fuzzy Hash: B8B2B1B3F0D28251E3776610E4217E97B60E745780F640925C9DAA2BFEFE2ED9548EC0
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 34e03afbd49d72632794f0edc178e3f03295cf3ec5192f66c5ad4a46814b30f8
    • Instruction ID: 244d108211dd6abc21296f61675a9849c9f87d94268eea1d10863a9039696d9a
    • Opcode Fuzzy Hash: 34e03afbd49d72632794f0edc178e3f03295cf3ec5192f66c5ad4a46814b30f8
    • Instruction Fuzzy Hash: 1E623A23B1D29747F7764A25B0A0B7E7A91EB80784F185135DAEA42BEDDE3CD844CB40
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a0035069d5cdad763482af1719770d8d5a5f38f6f3d213e4864f05c2f09ba960
    • Instruction ID: 4f2c1ef3d937926b21fcc8b48d00f5fa54170c1a26727ef0d27e52ca960af25f
    • Opcode Fuzzy Hash: a0035069d5cdad763482af1719770d8d5a5f38f6f3d213e4864f05c2f09ba960
    • Instruction Fuzzy Hash: 1F727EA3F1D58122D3677660E1222D96FA0DB45FE0F310E2995DAF16BEFD1B99108EC0
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7cf26b8575944bc68815bd5694531a0e5cedbb8e91ff889c0f4c43c88fb3258c
    • Instruction ID: 67248c79f061196bffb3e1dc3d6e08c1b4b0dc4636b1455b75029ab8cc368ddd
    • Opcode Fuzzy Hash: 7cf26b8575944bc68815bd5694531a0e5cedbb8e91ff889c0f4c43c88fb3258c
    • Instruction Fuzzy Hash: 34225AA2F2945703F7294D2A6A60F3945436BD4BE8F15A335ED3B67BE8CE389D409240
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: b545ce14306a7837f043426c29aa0961ab947da752e1f84d63174a7b6074801c
    • Instruction ID: 77be88aabead9556088d2e8bea9a77bb1b90165248d7b2c61ace5f0cc39a30bc
    • Opcode Fuzzy Hash: b545ce14306a7837f043426c29aa0961ab947da752e1f84d63174a7b6074801c
    • Instruction Fuzzy Hash: A052E822F29F864DE31387354472A75A25CAF7B2D8F119323F85BB5EB6DB2871938500
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f434fc715291ac6ca2c1ab8d0cd603f5bcdd5efe22f77c8a5364d77da906c378
    • Instruction ID: 8bc50bb12f9c5267ba301798032c21585e6746e5650a86dc1af0052b40d97cb9
    • Opcode Fuzzy Hash: f434fc715291ac6ca2c1ab8d0cd603f5bcdd5efe22f77c8a5364d77da906c378
    • Instruction Fuzzy Hash: 86226862F2949703F73A092669A1F3909426BD87E4F19A334ED7B67BEDCD3C9D058240
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d109e12a5d331f059daeead56b3120fcb95c3d3d0e94ce7fb874789e8f84c0a9
    • Instruction ID: a5a1283799e2cd2c5c93c04f18436b5f9502a9a8075cee79f32c6e0733c39eeb
    • Opcode Fuzzy Hash: d109e12a5d331f059daeead56b3120fcb95c3d3d0e94ce7fb874789e8f84c0a9
    • Instruction Fuzzy Hash: 0B52D162E2EE434AE7634634D9317356258AFA27C8F10D333E93AB59FDDF2DA5824104
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 57089aa6be1e030319cc4d0506c54f800e2e95f96a8b3cf7dad2ae92eb010878
    • Instruction ID: d92e8b69b1dcc0cc81fdc2cd1d25ea032835cee09bc959799991fc4e056c9cc7
    • Opcode Fuzzy Hash: 57089aa6be1e030319cc4d0506c54f800e2e95f96a8b3cf7dad2ae92eb010878
    • Instruction Fuzzy Hash: 83527B32E2BF414AC753D639946237A7319AFA73C5F25C323F92775E99DB28A0864201
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 02227af2f0308b7971d1a023db06ddb54e8a66628a1bd1f7aa9cad1ee3ea5175
    • Instruction ID: feee88772bf2b1855e52d1b5470773e689a6a302b371742988c63ffd0f9e5341
    • Opcode Fuzzy Hash: 02227af2f0308b7971d1a023db06ddb54e8a66628a1bd1f7aa9cad1ee3ea5175
    • Instruction Fuzzy Hash: 9D12EE13F1AA4703EB158625A931BB55351AF957D4F086332EE7E27BEDEE3CA542C200
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 531a386d7fd723af18119abf23d936c93c208b87aedd856c9f97d8368f96c472
    • Instruction ID: d2e1b1d8c5aa959d81257b527febb349dd585a1add0042e080b5132f5efb081e
    • Opcode Fuzzy Hash: 531a386d7fd723af18119abf23d936c93c208b87aedd856c9f97d8368f96c472
    • Instruction Fuzzy Hash: 4F422861B19B8741E7128B369421BBAA360AF85BC4F548336ED5D277FADF3CE1858700
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4f136b34965850c78c2b95e23a32ca7de31aab7a1612d080d7828331d4c5667b
    • Instruction ID: d78caded44fe1ad763e74b3cc32cd3edc033c96233a43ec14f3e334de8a6004c
    • Opcode Fuzzy Hash: 4f136b34965850c78c2b95e23a32ca7de31aab7a1612d080d7828331d4c5667b
    • Instruction Fuzzy Hash: 4732E622F2AF824DD77356358832B75AA4C5F772D4E11E327FD2A74EB5DB29A1438200
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d9103adab70f63dfd990f547049117c0fde09d2e1da92cc759475ab9d9240b5b
    • Instruction ID: 07b20bd91bc67f840b8270db41cc23a8b051a558d54f89b236cbf7767c6d5d5a
    • Opcode Fuzzy Hash: d9103adab70f63dfd990f547049117c0fde09d2e1da92cc759475ab9d9240b5b
    • Instruction Fuzzy Hash: 45328D61F2AF9349E7638B359971B3553189F623D8F119332E92B75AF8DF1DA1838200
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 568fb40d477010ecf80d15a36c37236d0d1c0e3022d4a567b73bfa1d17d924bf
    • Instruction ID: a39a93d255a6722ace43b35e1b50f2fc82962efef878a5aab16669050b026a4b
    • Opcode Fuzzy Hash: 568fb40d477010ecf80d15a36c37236d0d1c0e3022d4a567b73bfa1d17d924bf
    • Instruction Fuzzy Hash: D432D0A3F1918262D3673660E5326D82FA0D741BD0F351E25C5DAA1AFEFD1F99208EC0
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e2adcb422eb515f46c5c65a91c34b6b75fbd11b8ff7c49a16e0a76c941e45df7
    • Instruction ID: 36e9e83b22f6dd4e93ddd27aa33e9ef5f9b566f2621d41f5cb0ff3572cfbacbc
    • Opcode Fuzzy Hash: e2adcb422eb515f46c5c65a91c34b6b75fbd11b8ff7c49a16e0a76c941e45df7
    • Instruction Fuzzy Hash: D7322B22F29F874DD223963544B2A7AE358AF7B2C4F05D323F95B759BADF2861834500
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1dc186652fcc5e2968f2f3d569a2d9b2078f7f6791e99010ebf7f781e971e3a3
    • Instruction ID: 1f56dbcd33735f067e491d15d7768e40534b9fdacda9ac0c60fb0abafaff8b22
    • Opcode Fuzzy Hash: 1dc186652fcc5e2968f2f3d569a2d9b2078f7f6791e99010ebf7f781e971e3a3
    • Instruction Fuzzy Hash: E822C2E3F1E18261D7673260D1212EE6F60DB42FD4F311A66D5DAA18FEF91B89244EC0
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c5e2c164904810641a6217d8f01738aaedd99cf360816c393a14b5275449fe54
    • Instruction ID: d09b9c32d3bb6cdee09044b9cad0ca5d4df991b9dacb85992f2d2b796c0aa0cf
    • Opcode Fuzzy Hash: c5e2c164904810641a6217d8f01738aaedd99cf360816c393a14b5275449fe54
    • Instruction Fuzzy Hash: D732AF22F35F814CD26386399472636A65CAF7B3E9F12E317F85BB5E72DB2591438200
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: bc8feebcd0468933b4e735094c0ee9f3a7539eb6cb4bf6d58c7269196d0bc830
    • Instruction ID: c7abd6903a5f2643b58bfb42aa1240d3ef712bfc3672a00b0931a559ca6b3d20
    • Opcode Fuzzy Hash: bc8feebcd0468933b4e735094c0ee9f3a7539eb6cb4bf6d58c7269196d0bc830
    • Instruction Fuzzy Hash: DA22A4A3F1E14252E3576B10E0315AD6BB0EB81B90F240935E5DA956FEFD6EE9108FC0
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6995a572ff6863a5858f7d2ac9b4dc2792e7b27e04898c0394a1d71f3a50bc67
    • Instruction ID: 21aa89b1d3cd3170aa1a1927576ffb5f25de935b97ae7cc042a199ba3fe09b61
    • Opcode Fuzzy Hash: 6995a572ff6863a5858f7d2ac9b4dc2792e7b27e04898c0394a1d71f3a50bc67
    • Instruction Fuzzy Hash: 32023A22F25F520EE667477998317747718AFB67D4F01D333ED1A36EA6EB18A5838200
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2577988af3a84551343cd549d5035ec4360bbbe02a22ad4b2c82684c9c97b776
    • Instruction ID: 0f624c94b22f1883bdbe8630af97391cfcbbb7657adfe35273ebd21e6e159b66
    • Opcode Fuzzy Hash: 2577988af3a84551343cd549d5035ec4360bbbe02a22ad4b2c82684c9c97b776
    • Instruction Fuzzy Hash: 14129322F39F824CE62386349872B756658AF7B3D4E02D337F92A75EF6DB18A1534500
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: e73f1a5723eba6ac0c21b7060a8898b0c5ea611e9fb68df99a34137de746baf4
    • Instruction ID: 418c3da7dbbdb5ef6c0f5b251cb58080441eebb8fcd509454523f215ace677ee
    • Opcode Fuzzy Hash: e73f1a5723eba6ac0c21b7060a8898b0c5ea611e9fb68df99a34137de746baf4
    • Instruction Fuzzy Hash: 3802B1E3F1914262D36B3660E5326982B60D751BE0F311E29D1DBA0AFEFD1B5E644EC0
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: f6f95bb06ad17f6fbc9d6fb12189477d09ada8809d27d140a8cff21ab0359a99
    • Instruction ID: f942a2b796cd3230fc6f859b70d8b4c7ac1f3fb639090c7b5af01f13c52d49c8
    • Opcode Fuzzy Hash: f6f95bb06ad17f6fbc9d6fb12189477d09ada8809d27d140a8cff21ab0359a99
    • Instruction Fuzzy Hash: 43F1E362F2AF4249EA138A355831776A6585FA67E4F02D337FD2B39BF9DF18A0434100
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d7a5af94fba73b2c3da74daeec69d136b71ccb865ed0cf87a5ece6130064f339
    • Instruction ID: 6fbe8bf2cc3660d6629237516a5b5e2f12e2530354edef01c1e26195c07b66df
    • Opcode Fuzzy Hash: d7a5af94fba73b2c3da74daeec69d136b71ccb865ed0cf87a5ece6130064f339
    • Instruction Fuzzy Hash: E3F10251F2AF8249EA1386754831776A6485FA63E4F02D333FD3B3ABF9DB19A1434500
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1451519dd1cb4e8900d9d3fb617e2ca457fa69c8af9f5cb6f06dbd60fd13faf7
    • Instruction ID: 8dcd9404f1eb44d41138b6453cc92844c0344eaa7b9dce2fab7b11490c1c07e5
    • Opcode Fuzzy Hash: 1451519dd1cb4e8900d9d3fb617e2ca457fa69c8af9f5cb6f06dbd60fd13faf7
    • Instruction Fuzzy Hash: 3AF1F251F2AF8249DA2786354831776A6589FA63E4F02D733FE3B39BF9DB18A1434500
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 38e3ed8e573c22511840b7b4c24d09eaf59bbbf2eeca7b7a047e1bc95bdf5d18
    • Instruction ID: 3bc0e17eeff016c6106956b251f0674a6aa32467371afe4255eef64d591cc5c4
    • Opcode Fuzzy Hash: 38e3ed8e573c22511840b7b4c24d09eaf59bbbf2eeca7b7a047e1bc95bdf5d18
    • Instruction Fuzzy Hash: 4D12B632E3AF524ED7538738D462536B719AFA62C4F11D323F926F5EA9DB2CE4424500
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5b4be3cf216bbf5b2378732003119712f6435b93bcb3df6a96d0e34a0a639539
    • Instruction ID: 17269c004ba6b742286c843a1099623de890c28334c0278e1cd2c0ccbd6d9feb
    • Opcode Fuzzy Hash: 5b4be3cf216bbf5b2378732003119712f6435b93bcb3df6a96d0e34a0a639539
    • Instruction Fuzzy Hash: DB12C0A2B0D5C691E7335721E0747EEBF60EBC6740F104226D3E9519EEEA2ED561CB40
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 119ed3c22b8776ada4ceac7a7a68ecbd36920fb59c71c00117d07a5757708e07
    • Instruction ID: f52f798833d53110105dd155548e4be8f4252b327ceae74b58d23c842a628437
    • Opcode Fuzzy Hash: 119ed3c22b8776ada4ceac7a7a68ecbd36920fb59c71c00117d07a5757708e07
    • Instruction Fuzzy Hash: A702FC22E29F8649D3238931843177A9658AFA73D5F10D323FA6B35AB9DF2DE0934500
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: fef230f12ef51237a39ab5b70f93dd048508814634f467387aa8505feba75214
    • Instruction ID: 80a0663ff3c8710782e3f1dc803dac62165f300b1fb4d8b378e5d3b25d6030dc
    • Opcode Fuzzy Hash: fef230f12ef51237a39ab5b70f93dd048508814634f467387aa8505feba75214
    • Instruction Fuzzy Hash: 0B12B172F0D5C791E7375620D1707AEBB60EB86780F204632D2EA51AFEFE2DD5618A40
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 3505da8eafc6020f2da5b32b8363c48397a0ef74a506660be05b09585ddeb045
    • Instruction ID: fe0977256cfb0b619c502941a8f5f680c356b89e2357e7c82433012fe5d86a60
    • Opcode Fuzzy Hash: 3505da8eafc6020f2da5b32b8363c48397a0ef74a506660be05b09585ddeb045
    • Instruction Fuzzy Hash: AF12B262F0D5C794E7735620D1707EE6B60EB82784F204622D2EA51AFEFE2DD5618F80
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 016004c5287d06109edddff589a8d18ee8bc4b7b6ee8c74416aba534709c3a2d
    • Instruction ID: 7b352a0ac1b6bee5001d4acf852b03d5723c1b26941cfdb4dee39185a944f8ce
    • Opcode Fuzzy Hash: 016004c5287d06109edddff589a8d18ee8bc4b7b6ee8c74416aba534709c3a2d
    • Instruction Fuzzy Hash: DBE12A22F25F560EE3278B795861B7156099FB77D0F11D333EC1A7AEA5EF1895438100
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: dc15b28ec454bb62a3b466608b824145a15bd3e696c7c4da085c39179dac877a
    • Instruction ID: 85e426c3422ee365e4a2286ba2d29fab31ccc95756fd01083bf5a3656fe6954b
    • Opcode Fuzzy Hash: dc15b28ec454bb62a3b466608b824145a15bd3e696c7c4da085c39179dac877a
    • Instruction Fuzzy Hash: DEE14922F25F560AE72747795831B7097189FAA7D4F12D333ED1A37BA5EF28A5438200
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2b8319b5f39006afc96b84a25af54b9b438759a3ab066925ab3a5de209946ee1
    • Instruction ID: 1ede35ae2d79179774ecb09b96b3515191de8a89186a84274eeaec6276ee422d
    • Opcode Fuzzy Hash: 2b8319b5f39006afc96b84a25af54b9b438759a3ab066925ab3a5de209946ee1
    • Instruction Fuzzy Hash: 67E18C22F25F560AE72746799C31B7057185FB67C4E42D333ED1A76FA5EB2CA5838100
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a168931a7aad363172cd2c46a20c4e0c42c11e0cb211525911ee86a20a6ee5dc
    • Instruction ID: 8a61ee5d994faf06128860fd59d32fc84f432829b3fedae39d41c66e8e278e64
    • Opcode Fuzzy Hash: a168931a7aad363172cd2c46a20c4e0c42c11e0cb211525911ee86a20a6ee5dc
    • Instruction Fuzzy Hash: 3802B262F0D5C384E7335634D1707BEAB60EB92784F204732D6EA51AFEEE2DD5618A40
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 04da69dae6d7f630540a50a2f9a63f1955bf6143a1993f515167344a61911ee0
    • Instruction ID: 1ad6bcfd38371b4112abde8873438c075149fd350c3289e3e6f9475c07f3dd50
    • Opcode Fuzzy Hash: 04da69dae6d7f630540a50a2f9a63f1955bf6143a1993f515167344a61911ee0
    • Instruction Fuzzy Hash: E5E14A22F25F564EE2278A799871B7196189FB67D0F02D333FD1E36EA9DF1895838100
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2076748fbdee3fc284958df1566b974dc2e57fe5e3e7f0d49fd8c6dcbca135e4
    • Instruction ID: 7d43c6f6bf0ec3bdcf0b5e8c81ec80e6b839d88a3ce36ffd6064a251cf7bb987
    • Opcode Fuzzy Hash: 2076748fbdee3fc284958df1566b974dc2e57fe5e3e7f0d49fd8c6dcbca135e4
    • Instruction Fuzzy Hash: BCE12A22F25F560AE7274B759831B7057189FBA3D0F12D333ED1A37BA9EB18A5838140
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7f22af1649f37f95e399366aaaa56e389e619e8db4ba4bef596225a4e077836e
    • Instruction ID: 1d1530c11f8be5ce74943e97d96f572924317d7e4a8589209aef778004722917
    • Opcode Fuzzy Hash: 7f22af1649f37f95e399366aaaa56e389e619e8db4ba4bef596225a4e077836e
    • Instruction Fuzzy Hash: 2E02A932E3AF9249D76347359471A35B768AF913D4F11E322F96A759F8EB2CE0434A00
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c28c778f20b16573a6effc39255455dfce495ccef60adc517b533b75d05e3ffc
    • Instruction ID: 220149552b6569bec5e749fd92365069a2f95104fda81aff69a9fbe751352c1c
    • Opcode Fuzzy Hash: c28c778f20b16573a6effc39255455dfce495ccef60adc517b533b75d05e3ffc
    • Instruction Fuzzy Hash: D8E1A3A3F1914262D3673760E532A986F60D751BD0F311E29D1DAA0AFEFD1B5E248EC0
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 46e3302047f4cb07a1d6341551cbdd1f793d9469e338f746e2e117340ec56923
    • Instruction ID: c08538f835a034a72f8d5ddb028c5a44170a5e34bf70591184d9c03efc5f807b
    • Opcode Fuzzy Hash: 46e3302047f4cb07a1d6341551cbdd1f793d9469e338f746e2e117340ec56923
    • Instruction Fuzzy Hash: E0D11922F1E99741EF234A359420B769692AF567D0F189B31EE6D13BEDDF3CD4828600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a9cb1ea5cd67f6e2cf96ee1403afd4eb7e9d41ae3d214b56c6e55219ad245be9
    • Instruction ID: 7319d059c71b41f35ca7638766f4f325ed62aeb84fe62ed7027b9bdfecf0b603
    • Opcode Fuzzy Hash: a9cb1ea5cd67f6e2cf96ee1403afd4eb7e9d41ae3d214b56c6e55219ad245be9
    • Instruction Fuzzy Hash: 39E1D012F2AF9249EA2386348931775665C6F6B3D8E01D323EE6E75EB5DF28A1434500
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8a4c7f118c4af21d9100798fb35c87f7879fbe4955e37dcdf8b022f66d04bee3
    • Instruction ID: 28d0ded8ab9dc42beac3b56edde54d42b1851e5ffbf1dff519d7e4450d160750
    • Opcode Fuzzy Hash: 8a4c7f118c4af21d9100798fb35c87f7879fbe4955e37dcdf8b022f66d04bee3
    • Instruction Fuzzy Hash: 83C17822F2D44303F76B49284820A3821A26FD17E1F295334EDBB5B7EEDE3C9D459640
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 8ac7e9c1f6a01932d5966602faf0866dce1a467f159da0a7ae7a8c536feb3030
    • Instruction ID: 7493aa85509b1b72e6eb5eba48655c9cbb104b34b53db7ef13dab47e2f89dbc8
    • Opcode Fuzzy Hash: 8ac7e9c1f6a01932d5966602faf0866dce1a467f159da0a7ae7a8c536feb3030
    • Instruction Fuzzy Hash: 23C1AF62B4576547EB24CF11B851B99A765F78D7C8F08A035EE8D47BA9CE3CD841C700
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: c26a855b300e4ad5e3c3472d79acb444b9a0f40ca346f8039a3b7e0abd541398
    • Instruction ID: ce0a6bc0d19f4df144ceeea4adb31886048ab52c978ed3b6cb9281eea210e1f7
    • Opcode Fuzzy Hash: c26a855b300e4ad5e3c3472d79acb444b9a0f40ca346f8039a3b7e0abd541398
    • Instruction Fuzzy Hash: E2D1F612F2AF8249EB17873459727766258AF663E4F02D332ED6B36AF9DF18A5434100
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d5c35888e2e6e3a0c99eb31175262ccb21e5c3019fd412ac34f66c63fc28f7f0
    • Instruction ID: fcd7b5bb3cf28d113c78d2cde2c712006b5dfba9fa06e4883b8e776a7c4be969
    • Opcode Fuzzy Hash: d5c35888e2e6e3a0c99eb31175262ccb21e5c3019fd412ac34f66c63fc28f7f0
    • Instruction Fuzzy Hash: 3EB1DCA3F2984343F76A09295920F3811825FD1BA9F656335ED3B97BF4CD3D9C059A40
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6c4c2165f926c7f95825eb64fc32db0cc582075c1f2306dfc8bd96fc9e0b818d
    • Instruction ID: 78ae45e144743821e1e52216fd9a4464f426a1c9ce39e17837080b833bd60dae
    • Opcode Fuzzy Hash: 6c4c2165f926c7f95825eb64fc32db0cc582075c1f2306dfc8bd96fc9e0b818d
    • Instruction Fuzzy Hash: E5D1A221E3AF524CEB2396395871636B71C6FBB2D5E51C327FC2A34EA5DB5AA1834100
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 07c721c534180ab0a027f40f5909b6b421fb10a9e493fbd9df6b9d091e9e86eb
    • Instruction ID: 0ee99f8caaabc468aad30538ed3b66b34a0a3ae0ed89ec8eb8f0079f7cb4303f
    • Opcode Fuzzy Hash: 07c721c534180ab0a027f40f5909b6b421fb10a9e493fbd9df6b9d091e9e86eb
    • Instruction Fuzzy Hash: 04D1D522E2EE4386EB5396349471736A7649F673C4F158333F96A35BEEDB1DA1824200
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ef14dd4d6d9ff842d9815e6f7aa3e3943646684d0ca02773cf9ff5dcbf94bd40
    • Instruction ID: 8d52b7da231fe97f9dff582ae6df61b5a7b94901a4158f514b9ac2556b12418c
    • Opcode Fuzzy Hash: ef14dd4d6d9ff842d9815e6f7aa3e3943646684d0ca02773cf9ff5dcbf94bd40
    • Instruction Fuzzy Hash: DFD1D032F19F8786E7278E35D530676A354EF96380F109333EA5915AF9DF2DD4928A00
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 551e96eaac94b4593811af65f1abae5d1cd731806e3a8cadf9ea6fde07c46e2f
    • Instruction ID: 23209bc1574b54df570d12138a19d66680ce905dcbb03288d73d0133f3e12f4b
    • Opcode Fuzzy Hash: 551e96eaac94b4593811af65f1abae5d1cd731806e3a8cadf9ea6fde07c46e2f
    • Instruction Fuzzy Hash: 63B1E421F7AF920DD67386769830675AA4C5FB73D5A02E717FD2A78DF0E70AA1834600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 3b4460ea51bc18654a188e415c05c3822887f64006a440744ad6666ae51ba699
    • Instruction ID: a6773aba4af09eb7ae252612f700c7b8e1bcfd805b6ca7ed6cdb36929d059221
    • Opcode Fuzzy Hash: 3b4460ea51bc18654a188e415c05c3822887f64006a440744ad6666ae51ba699
    • Instruction Fuzzy Hash: 79B10921F39F920DD67396769830674AA0C6FB73D5A02E317FC2A38DF1E70A90834600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a84864bb31aa7b5e32277f2ef3c194d3bbf43db8e3c6bb0cfeda7af1dc96eaaf
    • Instruction ID: 877916f1a381cfc88d992e7e63d95435371307c6bf4a563963ff9250d43f949f
    • Opcode Fuzzy Hash: a84864bb31aa7b5e32277f2ef3c194d3bbf43db8e3c6bb0cfeda7af1dc96eaaf
    • Instruction Fuzzy Hash: 7BB1E721E79F920DD67386769831675AA4C5FB73D5A02E317FC2B78DF1EB0AA1834600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 49ff74b7997be9a7a7cef4a9b9172511e6bdbe0c09c7c16122f689449d9c93f1
    • Instruction ID: 583f730f6a9c5f8bb9d5002748a90a6d38e1e5ae4f269d8ba6d299095e1b3220
    • Opcode Fuzzy Hash: 49ff74b7997be9a7a7cef4a9b9172511e6bdbe0c09c7c16122f689449d9c93f1
    • Instruction Fuzzy Hash: A6A18681F36AC702EB2643795831FB44561AF623F5E18D331EE7A7ABEDEB1C56819100
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: def1668d0114a901585b01d5db24e79118c5730304809109b504a4b2e9483552
    • Instruction ID: 840d927d2741a2a6442e1a0e12f39003427f53db0fecbc6988d9ca263d675eee
    • Opcode Fuzzy Hash: def1668d0114a901585b01d5db24e79118c5730304809109b504a4b2e9483552
    • Instruction Fuzzy Hash: 46C1ED32E19F8646D3179E35D42067AE364EF96384F10D332EB59256F9DF2DE4928B00
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 035933fdac6a1f909daa1c00fd50f81463c8af8a6fd834abc983d0cde452a79c
    • Instruction ID: 0dcfc941d84f4e94ebc131f1334680239a82e0aeb44ada48c182cf751690e89b
    • Opcode Fuzzy Hash: 035933fdac6a1f909daa1c00fd50f81463c8af8a6fd834abc983d0cde452a79c
    • Instruction Fuzzy Hash: CCC1D532E29F1249E3778B34A8616357754EF653D4F519333E92AB1DB8EF2DE1428600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: ea1d0b3a6cb5cb37c007f34f7ce4f27706d180f4d8cf2a2e339f342492bf67e9
    • Instruction ID: 94692f011829f8eeced1845ab8339ba8ea62e94211daccf5d4a49af1d8b1e09b
    • Opcode Fuzzy Hash: ea1d0b3a6cb5cb37c007f34f7ce4f27706d180f4d8cf2a2e339f342492bf67e9
    • Instruction Fuzzy Hash: D5D1F832D2EF4389D7639B36A460A65A328EF563D4F11D322E92E365F4DF2DD0938600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 30c2f44912f5e09ebd99c88d57d39f464eaeee4cd27c2cecf72a42ba10740dcc
    • Instruction ID: 05d9bfeee5e583e1e9f7de015138ecbf43fbd52bfe5374fba0de0956316e6b0e
    • Opcode Fuzzy Hash: 30c2f44912f5e09ebd99c88d57d39f464eaeee4cd27c2cecf72a42ba10740dcc
    • Instruction Fuzzy Hash: D3A11852F2FD6341EB614A349620F759751AF91B98F269331DD6D23AECDF3CE8428204
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4db3963ad50e004714a37869b501b581ddd5cc8b371eae06e2c9d2a34473a976
    • Instruction ID: 4138fea64a4584ae75090e411f460c3d3f57c9212d9ed21b5cdfa7e41ffeaea7
    • Opcode Fuzzy Hash: 4db3963ad50e004714a37869b501b581ddd5cc8b371eae06e2c9d2a34473a976
    • Instruction Fuzzy Hash: 27A11612F29F9245E72387345431BB563589F663F5F02D332EE6A76AE9DF2C92438500
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5d18fb902741463884a8091511c25784e1496c556b1443837f426afa14859011
    • Instruction ID: 8091aad8ce08bebb35f5306d2abb86196bc6dc037ed8df9d9175b95fb91b2ca3
    • Opcode Fuzzy Hash: 5d18fb902741463884a8091511c25784e1496c556b1443837f426afa14859011
    • Instruction Fuzzy Hash: A8A11512F29F9245E72387345431BB563589F663F9F029333ED6A76AE9DF2CA2038100
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2ebf0d4392b518ed46df58e1a546be9c986e70c751878c7e1f96ccabe1ccea36
    • Instruction ID: 84ed000c7c20520d104c412493cd34e4e2ffc1db1037737df5696eeadc3b08e3
    • Opcode Fuzzy Hash: 2ebf0d4392b518ed46df58e1a546be9c986e70c751878c7e1f96ccabe1ccea36
    • Instruction Fuzzy Hash: 3FC1E932E3AF4389D7539B36A460A646328EF617D4F11D732E92B366F5DF2D90938600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5cf2624e55a330b87f8c0472f5d428c4070dec954c1d9240c8d87dcebd6b07f0
    • Instruction ID: 0a05dd26802650e5e42a7d4dd128644f97fc04ed1b272ff7a57330dc8f668bc4
    • Opcode Fuzzy Hash: 5cf2624e55a330b87f8c0472f5d428c4070dec954c1d9240c8d87dcebd6b07f0
    • Instruction Fuzzy Hash: BF81AEA2F11FA546DB06DF32A910F959219BB58BD4F05D332DE2D2BBE9DA3CC502C200
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 094128e65ce4ee1d3f125fa9b13db7303f6ab075c80fac6e8482d058264ed630
    • Instruction ID: e809546f692a1b1702d1e39d76deace86f3af38b19c5ca7d740d7d8c2a6297dd
    • Opcode Fuzzy Hash: 094128e65ce4ee1d3f125fa9b13db7303f6ab075c80fac6e8482d058264ed630
    • Instruction Fuzzy Hash: 33C1D622F29F8388D363873594716356718AF672D5B12D337E46F75ABADF1CA0938600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 01b0d08238f732f86c5fcd97342b466156b3b345439f645708aa888bc85a9206
    • Instruction ID: 35e8603f777f8d255c62400928ceca785992a3b797d38afe2996c74f89955fac
    • Opcode Fuzzy Hash: 01b0d08238f732f86c5fcd97342b466156b3b345439f645708aa888bc85a9206
    • Instruction Fuzzy Hash: 36A1B021E2AF4249D66386309471776B35CAFA73D4F11E323F96B74AF9DF18A0834900
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 931d8c6ccc1ae5a39f24684deed67a703beb54abe1614145a1f90ddf6d62d1b5
    • Instruction ID: c9d8275461610dab98790afd028a6ee04811ca31ebc6baef5ff3e6bb70a378e7
    • Opcode Fuzzy Hash: 931d8c6ccc1ae5a39f24684deed67a703beb54abe1614145a1f90ddf6d62d1b5
    • Instruction Fuzzy Hash: 40811862B1AA9796EB22CB16A420B357760BB4478CF045335DE6D137E9DF3CE545CB00
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 62834c3136cc061e6afbbc8f43515c8ec4fa69d6ad4d8141bd8c20b10c354076
    • Instruction ID: 360332e5dd31bc9408e2a35227c5e7eae513abd999db40b758d078e74525d433
    • Opcode Fuzzy Hash: 62834c3136cc061e6afbbc8f43515c8ec4fa69d6ad4d8141bd8c20b10c354076
    • Instruction Fuzzy Hash: 73815E61B14F8246E7138B35A4617B6A365BF567D4F048322ED5A63BBADF3CE142C700
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 49638405a087308876907fb22c3f9984d5718240554481d42d0310f29fd439d8
    • Instruction ID: c218e5b938e6baaa923204e20d2605a0e5d4aff863255670e03c5dc1c490641b
    • Opcode Fuzzy Hash: 49638405a087308876907fb22c3f9984d5718240554481d42d0310f29fd439d8
    • Instruction Fuzzy Hash: 3F91C632E29E528AD372873599619297754FF99388F14C332F529A7DFDDF2CE1818A00
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: fd0e0ea0d155c843edde5cb7a9320593a6a3265ee2024138aa6cd55d8a67bef7
    • Instruction ID: 20aa40e0eea64611847d12c9fd613b637430839b28143fa54902d579da6023d3
    • Opcode Fuzzy Hash: fd0e0ea0d155c843edde5cb7a9320593a6a3265ee2024138aa6cd55d8a67bef7
    • Instruction Fuzzy Hash: 4991A732B19A4786E7168E34D43077AA360FF85384F009236EB6E566EDDF7CE951CA00
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7b94b6364d9f8ecc1e2973ad542fe804447542a1e2b8fea954b94bbafe4a884e
    • Instruction ID: ae274c11bc78c8c4360deb98821d41609b7587a88474a06b2743141b501349b7
    • Opcode Fuzzy Hash: 7b94b6364d9f8ecc1e2973ad542fe804447542a1e2b8fea954b94bbafe4a884e
    • Instruction Fuzzy Hash: CC819321F2AF4288EA53973594717766358AFAA7D4F12D323F81B36BF9DF18A0934100
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 9c9c3b041f443a02d4cfbb25eac4bd17b2791ecba92c8ad740aca22d120b887c
    • Instruction ID: 3ddd7b6dd2c969ce04ec21e2a51b8ecad4cbf4939dfd4e2620a16bbe9e08341a
    • Opcode Fuzzy Hash: 9c9c3b041f443a02d4cfbb25eac4bd17b2791ecba92c8ad740aca22d120b887c
    • Instruction Fuzzy Hash: 35819221F29F8288EA53873594617766358AFA63D4F12D323F91F76BF9DF18A0934500
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 87bce2d7c5d8f37564b3338fd23e95d9f15756c4f0121a1a387407bd7a96ed2a
    • Instruction ID: 8121cd8e4c884ba09ceac10853ef585775bf5022aab218a6f4b5dd52f2e880c7
    • Opcode Fuzzy Hash: 87bce2d7c5d8f37564b3338fd23e95d9f15756c4f0121a1a387407bd7a96ed2a
    • Instruction Fuzzy Hash: 3D813D72E39F4789D35B8E36A572A346214AF637C5F11D333E92B319F9DF2865928200
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 4fa29f32df1fefac24be1141ec8290592e149f214a7b5868cb4a0e3c47ea1f04
    • Instruction ID: 9034efb0a9417575e73ca6dc9b5d00ce08f6f66f00862f73cbb6aa71c2201e3f
    • Opcode Fuzzy Hash: 4fa29f32df1fefac24be1141ec8290592e149f214a7b5868cb4a0e3c47ea1f04
    • Instruction Fuzzy Hash: 0E91E521E39F8249D7638B3594716766358AFAA3D4F11A327F96B34EB8DF18A1834600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7b2903f9fd0b0a73cdea8a10db3e1eaacaa50b9f2f500f4407156dfb922e8102
    • Instruction ID: 52fe96964b0da58acf0ec972d0e21b31eb7627b64e85f6a6e15814f35647338f
    • Opcode Fuzzy Hash: 7b2903f9fd0b0a73cdea8a10db3e1eaacaa50b9f2f500f4407156dfb922e8102
    • Instruction Fuzzy Hash: 6C91D621E39F8249D6638B3594717766358AFAA3E4F11D327F96F34EB4DF18A1834600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 53b23a8ff871ce8d5293a7dde1ead125a7bb58777e880a9bfea69504b5390a75
    • Instruction ID: 68595911b499604175564ded9ce66456ab2092119fea98c0bde35ae0663f4da5
    • Opcode Fuzzy Hash: 53b23a8ff871ce8d5293a7dde1ead125a7bb58777e880a9bfea69504b5390a75
    • Instruction Fuzzy Hash: 28812672F2AF1788E3278B3599716356315AF57398F518332E52F7A9F8DF2CA1828500
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 2325d13bcea4abe68e1b842b6fd1c3733934982d334fc04fdf697fc7854dc178
    • Instruction ID: 46489723813eb712a1b857cc6bb9db1001202662c211e90969d077dfba86c050
    • Opcode Fuzzy Hash: 2325d13bcea4abe68e1b842b6fd1c3733934982d334fc04fdf697fc7854dc178
    • Instruction Fuzzy Hash: 14610A66B16BA657EF1A9F25952073936A0BB087D8F009638DE3F477E5DB3CE8418600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5bfffbf3c97e4c293a94c6063d7cc05e155f98ccc300e52c3a4176bcc98c158a
    • Instruction ID: 947aa4336f38aec284357b09e90a4ee60f6ab9c1ddc6f2d2fd1192bdcb1f94a7
    • Opcode Fuzzy Hash: 5bfffbf3c97e4c293a94c6063d7cc05e155f98ccc300e52c3a4176bcc98c158a
    • Instruction Fuzzy Hash: 3391E732E2AF5789D3278B3658716356214AFA67C4F15D333E42F759F9DF2CA1828500
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7c8978cca177bba2a7f0ee3dd6e3b0016b93c9fe6141872dbef0b80195821fad
    • Instruction ID: aec5ba8f32f3c2dcc28b159f222e4e34d681a2c3242c14860a66a19fd498dbd2
    • Opcode Fuzzy Hash: 7c8978cca177bba2a7f0ee3dd6e3b0016b93c9fe6141872dbef0b80195821fad
    • Instruction Fuzzy Hash: 43811822E2AF4788E3238B3594716356715AF663D5F51C332E52F7A9F8DF2CE1828600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 73e6c9d005b11431245f524f5aed0ba73343ebbf1519dec636c7560edcf032d0
    • Instruction ID: 49fd141f1310dd668d680b4fdfb159b3e9c714ed794d376689b223e3a53ac05e
    • Opcode Fuzzy Hash: 73e6c9d005b11431245f524f5aed0ba73343ebbf1519dec636c7560edcf032d0
    • Instruction Fuzzy Hash: 43814B22E29F0784E323873995716356315AF963C9F51C732E52F799F9EF2CE1824600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 41277bf010971ae7e4087a96f13162fe19b3524e711f5ce92598cffc7a24a00c
    • Instruction ID: 3dec3cdec7cc5f2936b11014d3a1943e05064153dd4c72a3fd14703007a826d5
    • Opcode Fuzzy Hash: 41277bf010971ae7e4087a96f13162fe19b3524e711f5ce92598cffc7a24a00c
    • Instruction Fuzzy Hash: 9981B932B19E47C5E7268A35D03077AA350FF96344F009336E76E666E9DF3CE5928A00
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a67ec89f879223372e398217338fb620e29794df0c382a7868d4ceca52482606
    • Instruction ID: 5b57eb20e3539c47f070c348f1898f2b877554e3e77895e53dbd9319aa704f3d
    • Opcode Fuzzy Hash: a67ec89f879223372e398217338fb620e29794df0c382a7868d4ceca52482606
    • Instruction Fuzzy Hash: 0671AF21E2AF8249DA5397359471776A318AFA63D4F11D323F96F35BF8DF18A0934600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 64e64bf01820c876063b654664034f010fbadcb8e0dd08d4b7e7cc0a469e0812
    • Instruction ID: e50313dee6b93de8c7daf0aa921f838eb771dfe5602029debede2699ac854836
    • Opcode Fuzzy Hash: 64e64bf01820c876063b654664034f010fbadcb8e0dd08d4b7e7cc0a469e0812
    • Instruction Fuzzy Hash: 8271B121E2AF8249DB5397359471776A318AFAA3D4F11D323F96B35BF9DF18A0838500
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: fe90c0ef3c378eba2375e6ba37783d6d143187b7c9aed0e9ede92d85dcad7acb
    • Instruction ID: 0b79a398ed50e8ed1d4313fa9ecae723f307f7611519cd31cb036f787a165092
    • Opcode Fuzzy Hash: fe90c0ef3c378eba2375e6ba37783d6d143187b7c9aed0e9ede92d85dcad7acb
    • Instruction Fuzzy Hash: D56108A1F1F91755FB6A8A349A30E3413529F72BC8E109336D92F666FCEF2C65814210
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: a2b3061c66c281f6c5a0ece4a3d787df2b41a8c81dde58f407fd36e817a43712
    • Instruction ID: 8116aa67c6d52b70da627cde0277db3fade512156f6dee1695543e1376f2e30b
    • Opcode Fuzzy Hash: a2b3061c66c281f6c5a0ece4a3d787df2b41a8c81dde58f407fd36e817a43712
    • Instruction Fuzzy Hash: 79613572F29F1789E36B86366572F361214AF62784F129336E12F21DFDDF1D61828200
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 7b034d4ae0bef55d3e8bb3621fa9dd719b8c7a120a1e16a906c8c7b8114f773c
    • Instruction ID: d331b4c42049574015a6fe037d21206bcd93d129951fed3b3e0a5cbaa2c1507e
    • Opcode Fuzzy Hash: 7b034d4ae0bef55d3e8bb3621fa9dd719b8c7a120a1e16a906c8c7b8114f773c
    • Instruction Fuzzy Hash: DE810321E2EF4388E7238736A47163562196F6A3D8F02D333E92E759F9DF1DA1838504
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5d32a59b8c30f1a246eb7320b6288177383b8731a1afc40a0d9aa95af8480761
    • Instruction ID: 24dddefcc6684f6ea2371ea37ba54c1bdd779c037d87c6fcef77c3b725fcd5b1
    • Opcode Fuzzy Hash: 5d32a59b8c30f1a246eb7320b6288177383b8731a1afc40a0d9aa95af8480761
    • Instruction Fuzzy Hash: F181F421E2EF5388E723873694716356218AF663D9F02D333E92E759F99F1DA1838904
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: fb8d761121db8e9d51aaaaec2445dd3bd33d7b0b178a85ee4080ed671954576a
    • Instruction ID: c39342707e3cce49627de2287a0fbd29e8baef45c0606f4cfa4cc0871dd37460
    • Opcode Fuzzy Hash: fb8d761121db8e9d51aaaaec2445dd3bd33d7b0b178a85ee4080ed671954576a
    • Instruction Fuzzy Hash: 25513AA2B06B9356EB21CB26E410B7962A0EF547C8F118234DE6D47BF9DF3CE5818700
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 38173b49ad3a54d5b2293eb3c62621e4386f534d703035a610f9eabd62e6abf0
    • Instruction ID: 42700a630b0ce0be24595617f35c0bf97c1acdd5de6c4f9423a9ae93e7e23f82
    • Opcode Fuzzy Hash: 38173b49ad3a54d5b2293eb3c62621e4386f534d703035a610f9eabd62e6abf0
    • Instruction Fuzzy Hash: 86613831F29E1789E72B87359471B366219AF62385F12C336E62F35DE9DF1D61828A00
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d9e058288062cfc7a3274efe7028e4185b4dfbe26cc7034c14453b825a77cc1d
    • Instruction ID: ce272baa8896ee48eca388724ef799d3034dfffd91fdcc7532c74947891288d2
    • Opcode Fuzzy Hash: d9e058288062cfc7a3274efe7028e4185b4dfbe26cc7034c14453b825a77cc1d
    • Instruction Fuzzy Hash: 69613631F29E1789E76B87359471A366219AF623C5F52C336E52B359F9DF2C60838600
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 5d001685cde57dd69e6d5499c01484a1483b37e70a26819e70c39d258613f5dd
    • Instruction ID: f829d562a27e4203fa6895b266181b44d0fdc3721f9f44a6f684063243148cf1
    • Opcode Fuzzy Hash: 5d001685cde57dd69e6d5499c01484a1483b37e70a26819e70c39d258613f5dd
    • Instruction Fuzzy Hash: FA717E22E2AF4388E7674B3195615326318AF7A2E5F16D333E52FB5AB9DF1CA0D34100
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 6e816c0f78ab03e732b50abe3fc9ebc9e2b2b0a385e43e19b038264679c99195
    • Instruction ID: 6ddfad0bfaa9474026ad358281de98050d9cdd766893e1d6ee98d4efbe869047
    • Opcode Fuzzy Hash: 6e816c0f78ab03e732b50abe3fc9ebc9e2b2b0a385e43e19b038264679c99195
    • Instruction Fuzzy Hash: 13715D22F2AF4388E7639B35956163663186F7A2E5F16D333E42E75AB9DF1CA0D34100
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 860788318de192d3b4b3ddbb509c0cdd4444bb495f2c3d059925915e2b18e2ef
    • Instruction ID: 2a0433e12b71308eebc015a46c0b4c923a379a1d9d41cc16180968e67fc2ef3d
    • Opcode Fuzzy Hash: 860788318de192d3b4b3ddbb509c0cdd4444bb495f2c3d059925915e2b18e2ef
    • Instruction Fuzzy Hash: AA513631E2AF8389D763973654716355214BF6A3C8F61C333E92E349F9EF2DA1828500
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 09b88380b083e2c5602851094573cb46c33a93952d88dcd8e14091659b941835
    • Instruction ID: 5607514a5b22d3b6ba678c085ec2f5c907970f566590defe6059c447b97497f2
    • Opcode Fuzzy Hash: 09b88380b083e2c5602851094573cb46c33a93952d88dcd8e14091659b941835
    • Instruction Fuzzy Hash: 1C512831E2AF8789D763973654715356314AF6A3C9F61C333E82E359F9EF2DA1828900
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmpDownload File
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmpDownload File
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: cf06f54103c5cc25296ef1b72b92cb1f4eb859a5c468d4e750c106aa546d2a04
    • Instruction ID: b8af4fbd85bda1c71bc003ac15687fa0d91b02068c9c32558c568e7e6c8901cf
    • Opcode Fuzzy Hash: cf06f54103c5cc25296ef1b72b92cb1f4eb859a5c468d4e750c106aa546d2a04
    • Instruction Fuzzy Hash: C551F425F2E54784EB71833196A0EBB62519F9434CF609336F53E56DECDE2CE1868B40
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: d452344f4a644b9ec0b168545340ba19e39037bd80a5ac05049245aba1ec374e
    • Instruction ID: 4fabbf31c133d215ef692883bb51640dd7173e1dccde1bce6f650cfb8a224700
    • Opcode Fuzzy Hash: d452344f4a644b9ec0b168545340ba19e39037bd80a5ac05049245aba1ec374e
    • Instruction Fuzzy Hash: 3441FDB7F4127857D6088F55B9419C5FA59B398BC9F08E016DE5C57F64D638C983C240
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID:
    • String ID:
    • API String ID:
    • Opcode ID: 1f33713845d21480dc85f324d9f26d82b484ae95ff2e2e6418c8e3df5e1ce514
    • Instruction ID: cd4f0e83ac75ba4870f1ac0cd373e875c4e1f16df20674e3292c0467a9d005e2
    • Opcode Fuzzy Hash: 1f33713845d21480dc85f324d9f26d82b484ae95ff2e2e6418c8e3df5e1ce514
    • Instruction Fuzzy Hash: BB215BA3F0152903EB1C8EB67953A84C55E6BE8FD5309F1239D4C77BA5E939C8838240

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000000.00000002.2915035295.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000000.00000002.2915014796.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915237559.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915474698.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915527348.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000000.00000002.2915557948.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_0_2_7ffdfb4b0000_loaddll64.jbxd
    Similarity
    • API ID: HandleModule$AddressProc
    • String ID: _errno$_write
    • API String ID: 1883125708-629457799
    • Opcode ID: a7e45877e4498e92427e6c2f68ae8fdc50a8aa3ab37254dae28a79f26cfcfa8d
    • Instruction ID: dcdfa421a7974b0069e92ee6071cd1f393491f7abcb34fb76591985b338b78df
    • Opcode Fuzzy Hash: a7e45877e4498e92427e6c2f68ae8fdc50a8aa3ab37254dae28a79f26cfcfa8d
    • Instruction Fuzzy Hash: 20515660F1FF1780FB52CB19A970A7422A0BF98796F484435C87E067F9EFADA9458340

    Execution Graph

    Execution Coverage:0.1%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:0%
    Total number of Nodes:40
    Total number of Limit Nodes:2

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 00000003.00000002.1847988962.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000003.00000002.1847959704.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000003.00000002.1848304264.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000003.00000002.1848569628.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000003.00000002.1848642524.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000003.00000002.1848683063.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_3_2_7ffdfb4b0000_rundll32.jbxd
    Similarity
    • API ID: Heap$AllocCreateFileProcess
    • String ID:
    • API String ID: 3203875786-0
    • Opcode ID: 2d9733e9c9f357357592a8d9fb725a563b86b74d139ad321112a9bbe39b3b16f
    • Instruction ID: 149af692fd1ab315c5f17e023e2b7c5f9bbc79d92c1502df8cc7a40b21c95c7f
    • Opcode Fuzzy Hash: 2d9733e9c9f357357592a8d9fb725a563b86b74d139ad321112a9bbe39b3b16f
    • Instruction Fuzzy Hash: 8971A332B1A78286EB10CF29A460AA9B765FFC5B84F449235DE5D077A9DF3CE041CB04

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 00000003.00000002.1847988962.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 00000003.00000002.1847959704.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000003.00000002.1848304264.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 00000003.00000002.1848569628.00007FFDFB80D000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 00000003.00000002.1848642524.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 00000003.00000002.1848683063.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_3_2_7ffdfb4b0000_rundll32.jbxd
    Similarity
    • API ID: HandleModule$AddressProc
    • String ID: _errno$_write
    • API String ID: 1883125708-629457799
    • Opcode ID: a7e45877e4498e92427e6c2f68ae8fdc50a8aa3ab37254dae28a79f26cfcfa8d
    • Instruction ID: dcdfa421a7974b0069e92ee6071cd1f393491f7abcb34fb76591985b338b78df
    • Opcode Fuzzy Hash: a7e45877e4498e92427e6c2f68ae8fdc50a8aa3ab37254dae28a79f26cfcfa8d
    • Instruction Fuzzy Hash: 20515660F1FF1780FB52CB19A970A7422A0BF98796F484435C87E067F9EFADA9458340

    Execution Graph

    Execution Coverage:0.4%
    Dynamic/Decrypted Code Coverage:0%
    Signature Coverage:0%
    Total number of Nodes:183
    Total number of Limit Nodes:3

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 0000000A.00000002.1885626446.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 0000000A.00000002.1885603915.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885773523.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885940259.00007FFDFB80D000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885963770.00007FFDFB80E000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886009205.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886039521.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_10_2_7ffdfb4b0000_rundll32.jbxd
    Similarity
    • API ID: Heap$AllocCreateFileProcess
    • String ID:
    • API String ID: 3203875786-0
    • Opcode ID: 2d9733e9c9f357357592a8d9fb725a563b86b74d139ad321112a9bbe39b3b16f
    • Instruction ID: 149af692fd1ab315c5f17e023e2b7c5f9bbc79d92c1502df8cc7a40b21c95c7f
    • Opcode Fuzzy Hash: 2d9733e9c9f357357592a8d9fb725a563b86b74d139ad321112a9bbe39b3b16f
    • Instruction Fuzzy Hash: 8971A332B1A78286EB10CF29A460AA9B765FFC5B84F449235DE5D077A9DF3CE041CB04

    Control-flow Graph

    APIs
    • RtlAllocateHeap.NTDLL(?,?,00000000,00007FFDFB62DBF6,?,?,?,00007FFDFB62C1C1,?,?,?,?,00007FFDFB62AAD7), ref: 00007FFDFB62E399
    Memory Dump Source
    • Source File: 0000000A.00000002.1885626446.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 0000000A.00000002.1885603915.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885773523.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885940259.00007FFDFB80D000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885963770.00007FFDFB80E000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886009205.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886039521.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_10_2_7ffdfb4b0000_rundll32.jbxd
    Similarity
    • API ID: AllocateHeap
    • String ID:
    • API String ID: 1279760036-0
    • Opcode ID: d1728647228f92dd1fcf1da762d887e051608acd538b4b990c3edadb53133b84
    • Instruction ID: bfb6e0a7fbe4e868fc4e1fe23f69784026eda016a28ac9d52be61e438cd72cb7
    • Opcode Fuzzy Hash: d1728647228f92dd1fcf1da762d887e051608acd538b4b990c3edadb53133b84
    • Instruction Fuzzy Hash: 2BF09004B1B20782FF6457619971FB922805F84B81F4C1438ED2E8E3F9EE2CE4C44211

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 0000000A.00000002.1885626446.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 0000000A.00000002.1885603915.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885773523.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885940259.00007FFDFB80D000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885963770.00007FFDFB80E000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886009205.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886039521.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_10_2_7ffdfb4b0000_rundll32.jbxd
    Similarity
    • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
    • String ID:
    • API String ID: 1239891234-0
    • Opcode ID: 750841f4963b94de0c0b3500b646837ed4ee6ddd7b476c2d72146abbaab38126
    • Instruction ID: 44ef6162e47891eca66e98bf91d56b28a79facd3ff269567af48681781f0702e
    • Opcode Fuzzy Hash: 750841f4963b94de0c0b3500b646837ed4ee6ddd7b476c2d72146abbaab38126
    • Instruction Fuzzy Hash: A7318136719B8286EB60CF25E8506AE73A0FB88794F540136EE9D47BA9DF3CC145CB00

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 0000000A.00000002.1885626446.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 0000000A.00000002.1885603915.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885773523.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885940259.00007FFDFB80D000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885963770.00007FFDFB80E000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886009205.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886039521.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_10_2_7ffdfb4b0000_rundll32.jbxd
    Similarity
    • API ID: HandleModule$AddressProc
    • String ID: _errno$_write
    • API String ID: 1883125708-629457799
    • Opcode ID: a7e45877e4498e92427e6c2f68ae8fdc50a8aa3ab37254dae28a79f26cfcfa8d
    • Instruction ID: dcdfa421a7974b0069e92ee6071cd1f393491f7abcb34fb76591985b338b78df
    • Opcode Fuzzy Hash: a7e45877e4498e92427e6c2f68ae8fdc50a8aa3ab37254dae28a79f26cfcfa8d
    • Instruction Fuzzy Hash: 20515660F1FF1780FB52CB19A970A7422A0BF98796F484435C87E067F9EFADA9458340

    Control-flow Graph

    APIs
    Strings
    Memory Dump Source
    • Source File: 0000000A.00000002.1885626446.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 0000000A.00000002.1885603915.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885773523.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885940259.00007FFDFB80D000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885963770.00007FFDFB80E000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886009205.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886039521.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_10_2_7ffdfb4b0000_rundll32.jbxd
    Similarity
    • API ID: AddressFreeLibraryProc
    • String ID: api-ms-$ext-ms-
    • API String ID: 3013587201-537541572
    • Opcode ID: 8cddd77126df67d415fdc83bb25cec66b0080605921fc163ad3e30ebbab7ec17
    • Instruction ID: 155c738bf8c05e25f30f9c9854045675d0b16281b6b67d40f14ff29769e1783f
    • Opcode Fuzzy Hash: 8cddd77126df67d415fdc83bb25cec66b0080605921fc163ad3e30ebbab7ec17
    • Instruction Fuzzy Hash: ED41B462B1A64381FB51CB1AA834A762395AF45BE0F4C4135DD2D8B7EDEE3CE5898340

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 0000000A.00000002.1885626446.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 0000000A.00000002.1885603915.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885773523.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885940259.00007FFDFB80D000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885963770.00007FFDFB80E000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886009205.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886039521.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_10_2_7ffdfb4b0000_rundll32.jbxd
    Similarity
    • API ID: Value$ErrorLast
    • String ID:
    • API String ID: 2506987500-0
    • Opcode ID: 616a8a8d77a6b8d9e8b81ded9d66018e56d5c459af8475019f2794630c65dc87
    • Instruction ID: d12c15824a07816f810e93e818ef78fe64caaae69e51a921b94dbce52815a564
    • Opcode Fuzzy Hash: 616a8a8d77a6b8d9e8b81ded9d66018e56d5c459af8475019f2794630c65dc87
    • Instruction Fuzzy Hash: 9B213720B0E24342FF986761A575E7952525F88BB0F184634EC3E4EBFEDE2CA4858711

    Control-flow Graph

    APIs
    • GetLastError.KERNEL32(?,?,?,00007FFDFB62C1C1,?,?,?,?,00007FFDFB62AAD7,?,?,?,00007FFDFB61E948), ref: 00007FFDFB62DBA3
    • FlsSetValue.KERNEL32(?,?,?,00007FFDFB62C1C1,?,?,?,?,00007FFDFB62AAD7,?,?,?,00007FFDFB61E948), ref: 00007FFDFB62DBD9
    • FlsSetValue.KERNEL32(?,?,?,00007FFDFB62C1C1,?,?,?,?,00007FFDFB62AAD7,?,?,?,00007FFDFB61E948), ref: 00007FFDFB62DC06
    • FlsSetValue.KERNEL32(?,?,?,00007FFDFB62C1C1,?,?,?,?,00007FFDFB62AAD7,?,?,?,00007FFDFB61E948), ref: 00007FFDFB62DC17
    • FlsSetValue.KERNEL32(?,?,?,00007FFDFB62C1C1,?,?,?,?,00007FFDFB62AAD7,?,?,?,00007FFDFB61E948), ref: 00007FFDFB62DC28
    • SetLastError.KERNEL32(?,?,?,00007FFDFB62C1C1,?,?,?,?,00007FFDFB62AAD7,?,?,?,00007FFDFB61E948), ref: 00007FFDFB62DC43
    Memory Dump Source
    • Source File: 0000000A.00000002.1885626446.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 0000000A.00000002.1885603915.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885773523.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885940259.00007FFDFB80D000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885963770.00007FFDFB80E000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886009205.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886039521.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_10_2_7ffdfb4b0000_rundll32.jbxd
    Similarity
    • API ID: Value$ErrorLast
    • String ID:
    • API String ID: 2506987500-0
    • Opcode ID: afab31eddbab2fcb999a24c33dad6c6f2826fa1a7dac849d93b6fddb21923f0c
    • Instruction ID: 11e8021b21efdd188e604cade8568408fabb25520559c1e484bddf6efbf0bc35
    • Opcode Fuzzy Hash: afab31eddbab2fcb999a24c33dad6c6f2826fa1a7dac849d93b6fddb21923f0c
    • Instruction Fuzzy Hash: 1C116D60B0E24342FF9867215571A3911525F88BB0F040334DC3E4FBFEDE6CA4818B10

    Control-flow Graph

    APIs
    • FlsGetValue.KERNEL32(?,?,?,00007FFDFB62BD3B,?,?,00000000,00007FFDFB62BFD6,?,?,?,?,?,00007FFDFB62BF62), ref: 00007FFDFB62DC7B
    • FlsSetValue.KERNEL32(?,?,?,00007FFDFB62BD3B,?,?,00000000,00007FFDFB62BFD6,?,?,?,?,?,00007FFDFB62BF62), ref: 00007FFDFB62DC9A
    • FlsSetValue.KERNEL32(?,?,?,00007FFDFB62BD3B,?,?,00000000,00007FFDFB62BFD6,?,?,?,?,?,00007FFDFB62BF62), ref: 00007FFDFB62DCC2
    • FlsSetValue.KERNEL32(?,?,?,00007FFDFB62BD3B,?,?,00000000,00007FFDFB62BFD6,?,?,?,?,?,00007FFDFB62BF62), ref: 00007FFDFB62DCD3
    • FlsSetValue.KERNEL32(?,?,?,00007FFDFB62BD3B,?,?,00000000,00007FFDFB62BFD6,?,?,?,?,?,00007FFDFB62BF62), ref: 00007FFDFB62DCE4
    Memory Dump Source
    • Source File: 0000000A.00000002.1885626446.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 0000000A.00000002.1885603915.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885773523.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885940259.00007FFDFB80D000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885963770.00007FFDFB80E000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886009205.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886039521.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_10_2_7ffdfb4b0000_rundll32.jbxd
    Similarity
    • API ID: Value
    • String ID:
    • API String ID: 3702945584-0
    • Opcode ID: 063ea84af38c3dee00ac2677882d953c5b7c9168a632be67b9157d65d40a8ad0
    • Instruction ID: c82972dd05fcb87d473df3c09c8161e039545c1f7cdc450bd18a61f90a444c72
    • Opcode Fuzzy Hash: 063ea84af38c3dee00ac2677882d953c5b7c9168a632be67b9157d65d40a8ad0
    • Instruction Fuzzy Hash: 6A113760B0B68342FF98A325A571A7922565F847F0F184739EC3D4EBFEDE6CA4818711

    Control-flow Graph

    APIs
    Memory Dump Source
    • Source File: 0000000A.00000002.1885626446.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 0000000A.00000002.1885603915.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885773523.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885940259.00007FFDFB80D000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885963770.00007FFDFB80E000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886009205.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886039521.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_10_2_7ffdfb4b0000_rundll32.jbxd
    Similarity
    • API ID: Value
    • String ID:
    • API String ID: 3702945584-0
    • Opcode ID: 0e5752f7d8c9a4120b3f1562c0d343e5f65816b89d77409a09a23f1410ee526e
    • Instruction ID: 6dc5f4ef66043725b5d9c9c2dfc1cd0cbc824eddfacc47319f671124005d7b07
    • Opcode Fuzzy Hash: 0e5752f7d8c9a4120b3f1562c0d343e5f65816b89d77409a09a23f1410ee526e
    • Instruction Fuzzy Hash: 4C11E894F0B20302FF98A3255832A7911424F857B2F180738DD3D4E2FEDD2CB4859A61

    Control-flow Graph

    APIs
      • Part of subcall function 00007FFDFB62F20C: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00007FFDFB62F548), ref: 00007FFDFB62F236
    • IsValidCodePage.KERNEL32(?,?,?,00000001,?,00000000,INTEL_ISA_DISABLE,00007FFDFB62F679), ref: 00007FFDFB62F91D
    • GetCPInfo.KERNEL32(?,?,?,00000001,?,00000000,INTEL_ISA_DISABLE,00007FFDFB62F679), ref: 00007FFDFB62F969
    Strings
    Memory Dump Source
    • Source File: 0000000A.00000002.1885626446.00007FFDFB4B1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FFDFB4B0000, based on PE: true
    • Associated: 0000000A.00000002.1885603915.00007FFDFB4B0000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885773523.00007FFDFB638000.00000002.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885940259.00007FFDFB80D000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1885963770.00007FFDFB80E000.00000008.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886009205.00007FFDFB84F000.00000004.00000001.01000000.00000003.sdmp
    • Associated: 0000000A.00000002.1886039521.00007FFDFB853000.00000002.00000001.01000000.00000003.sdmp
    Joe Sandbox IDA Plugin
    • Snapshot File: hcaresult_10_2_7ffdfb4b0000_rundll32.jbxd
    Similarity
    • API ID: CodeInfoPageValid
    • String ID: INTEL_ISA_DISABLE
    • API String ID: 546120528-73491743
    • Opcode ID: 1cfd66923bfafb69a9f1693d224c02c4870d00efb05212d6f9914e271ce99b4e
    • Instruction ID: c6a253f2354e9641b3db355bc85cf4dcfe2cc87299581ea11ee6730483c559d0
    • Opcode Fuzzy Hash: 1cfd66923bfafb69a9f1693d224c02c4870d00efb05212d6f9914e271ce99b4e
    • Instruction Fuzzy Hash: BD81D162B0E28786FF648F25E07097977A1AB54B80F584036CAAE4B6F9DE3DE541C740