Windows Analysis Report
HACK-GAMER.exe

Overview

General Information

Sample name: HACK-GAMER.exe
Analysis ID: 1584740
MD5: 3c6dab4377f2d4dab30095f2d5167795
SHA1: d1022085523956412718e15ecd39e9c49fc6b74e
SHA256: 3c92654b0f9957d8ca7f69ada68a4c79fcc1bd2baca92370dc0578434c966338
Tags: CobaltStrike, exe, user-lontze7

Detection

Metasploit, Meterpreter
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Metasploit Payload
Yara detected Meterpreter
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Contains functionality to capture and log keystrokes
Contains functionality to change the desktop window for a process (likely to hide graphical interactions)
Contains functionality to check if the process is started with administrator privileges
Contains functionality to inject code into remote processes
Contains functionality to inject threads in other processes
PE file has a writeable .text section
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to clear windows event logs (to hide its activities)
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to enumerate device drivers
Contains functionality to enumerate running services
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found decision node followed by non-executed suspicious APIs
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

  • System is w10x64
  • HACK-GAMER.exe (PID: 5472 cmdline: "C:\Users\user\Desktop\HACK-GAMER.exe" MD5: 3C6DAB4377F2D4DAB30095F2D5167795)
    • chrome.exe (PID: 4084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://blood-strike.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 4592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2272,i,13844341092092372292,10383274001223032327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
{"Type": "tcp", "IP": "0.0.0.0", "Port": 8080}
{"Type": "Metasploit Connect", "IP": "167.99.38.229", "Port": 19348}
Source | Rule | Description | Author | Strings
HACK-GAMER.exe | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security |
HACK-GAMER.exe | Windows_Trojan_Metasploit_4a1c4da8 | Identifies Metasploit 64 bit reverse tcp shellcode. | unknown |
  • 0x351325:$a: 6A 10 56 57 68 99 A5 74 61 FF D5 85 C0 74 0A FF 4E 08

Source | Rule | Description | Author | Strings
dump.pcap | Windows_Trojan_Metasploit_38b8ceec | Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | unknown |
  • 0x2ac48:$a1: 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF 31 C0 AC 3C 61
dump.pcap | Windows_Trojan_Metasploit_7bc0f998 | Identifies the API address lookup function leveraged by metasploit shellcode | unknown |
  • 0x2ab29:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
  • 0x2ad51:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
  • 0x2ae97:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
dump.pcap | Windows_Trojan_Metasploit_c9773203 | Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | unknown |
  • 0x2ab95:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
  • 0x2adbd:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
  • 0x2af03:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1

Source | Rule | Description | Author | Strings
00000000.00000000.2018490546.000000000075B000.00000080.00000001.01000000.00000003.sdmp | JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security |
00000000.00000000.2018490546.000000000075B000.00000080.00000001.01000000.00000003.sdmp | Windows_Trojan_Metasploit_4a1c4da8 | Identifies Metasploit 64 bit reverse tcp shellcode. | unknown |
  • 0x125:$a: 6A 10 56 57 68 99 A5 74 61 FF D5 85 C0 74 0A FF 4E 08
00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_38b8ceec | Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | unknown |
  • 0x10ce:$a1: 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF 31 C0 AC 3C 61
00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_7bc0f998 | Identifies the API address lookup function leveraged by metasploit shellcode | unknown |
  • 0xfaf:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
  • 0x11d7:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
  • 0x131d:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Metasploit_c9773203 | Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | unknown |
  • 0x101b:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
  • 0x1243:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
  • 0x1389:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1

Source | Rule | Description | Author | Strings
0.2.HACK-GAMER.exe.28d0000.4.unpack | JoeSecurity_Meterpreter | Yara detected Meterpreter | Joe Security |
0.2.HACK-GAMER.exe.28d0000.4.unpack | Windows_Trojan_Metasploit_38b8ceec | Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). | unknown |
  • 0x26ece:$a1: 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28 0F B7 4A 26 31 FF 31 C0 AC 3C 61
0.2.HACK-GAMER.exe.28d0000.4.unpack | Windows_Trojan_Metasploit_7bc0f998 | Identifies the API address lookup function leveraged by metasploit shellcode | unknown |
  • 0x26daf:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
  • 0x26fd7:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
  • 0x2711d:$a1: 48 31 D2 65 48 8B 52 60 48 8B 52 18 48 8B 52 20 48 8B 72 50 48 0F B7 4A 4A 4D 31 C9 48 31 C0 AC 3C 61
0.2.HACK-GAMER.exe.28d0000.4.unpack | Windows_Trojan_Metasploit_c9773203 | Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. | unknown |
  • 0x26e1b:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
  • 0x27043:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
  • 0x27189:$a: 48 31 C0 AC 41 C1 C9 0D 41 01 C1 38 E0 75 F1 4C 03 4C 24 08 45 39 D1
0.2.HACK-GAMER.exe.28d0000.4.unpack | MALWARE_Win_Meterpreter | Detects Meterpreter payload | ditekSHen |
  • 0x28094:$s1: PACKET TRANSMIT
  • 0x280a4:$s2: PACKET RECEIVE
  • 0x27f64:$s3: \\%s\pipe\%s
  • 0x2802c:$s3: \\%s\pipe\%s
  • 0x27e88:$s4: %04x-%04x:%s
  • 0x24bfc:$s5: server.dll

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-06T12:36:56.743220+0100 | 2025644 | 1 | A Network Trojan was detected | 167.99.38.229 | 19348 | 192.168.2.5 | 49704 | TCP

AV Detection

Source: HACK-GAMER.exe | Avira: detected
Source: HACK-GAMER.exe | Malware Configuration Extractor: Metasploit {"Type": "Metasploit Connect", "IP": "167.99.38.229", "Port": 19348}
Source: 0.2.HACK-GAMER.exe.28a0000.3.raw.unpack | Malware Configuration Extractor: Meterpreter {"Type": "tcp", "IP": "0.0.0.0", "Port": 8080}
Source: HACK-GAMER.exe | ReversingLabs: Detection: 68%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 97.2% probability
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028D6146 CryptDecodeObjectEx,GetLastError,CryptAcquireContextW,CryptAcquireContextW,CryptAcquireContextW,CryptImportPublicKeyInfo,CryptEncrypt,CryptEncrypt,_calloc,_memcpy_s,CryptEncrypt,_free,LocalFree,CryptDestroyKey,CryptReleaseContext,0_2_028D6146
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028D5F76 _calloc,CryptAcquireContextW,GetLastError,CryptGenRandom,CryptImportKey,GetLastError,_free,0_2_028D5F76
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028D5C13 _calloc,htonl,htonl,CryptDuplicateKey,GetLastError,CryptSetKeyParam,CryptSetKeyParam,CryptDecrypt,_memmove_s,htonl,htonl,_malloc,_memcpy_s,CryptDestroyKey,0_2_028D5C13
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028D6105 CryptDestroyKey,CryptReleaseContext,_free,0_2_028D6105
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028D5D85 _memcpy_s,CryptDuplicateKey,GetLastError,CryptSetKeyParam,CryptSetKeyParam,CryptGenRandom,GetLastError,GetLastError,CryptSetKeyParam,GetLastError,htonl,_malloc,_memcpy_s,CryptEncrypt,GetLastError,htonl,_memcpy_s,_memcpy_s,_malloc,htonl,_memcpy_s,_memcpy_s,CryptDestroyKey,0_2_028D5D85
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B53B78 GetLastError,CryptAcquireContextA,CryptCreateHash,__fread_nolock,CryptGetHashParam,CryptGetHashParam,GetLastError,GetLastError,CryptGetHashParam,GetLastError,CryptHashData,CryptDestroyHash,CryptReleaseContext,0_2_02B53B78
Source: HACK-GAMER.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49721 version: TLS 1.0
Source: Binary string: G:\workspace\spike\src\Engine\Tools\PCInstaller\installerHD\Release\installer.pdb source: HACK-GAMER.exe
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B54226 lstrcmpiW,GetFileAttributesW,SetLastError,RemoveDirectoryW,GetLastError,lstrlenW,lstrlenW,lstrlenW,wsprintfW,wsprintfW,FindFirstFileW,lstrcpyW,lstrcmpiW,lstrcmpiW,lstrlenW,lstrlenW,lstrlenW,wsprintfW,SetFileAttributesW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,FindNextFileW,GetLastError,FindClose,RemoveDirectoryW,SetLastError,0_2_02B54226
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B53EE6 __snprintf,_strrchr,__snprintf,_strrchr,GetLastError,FindFirstFileW,__snprintf,__snprintf,_free,_free,FindNextFileW,GetLastError,FindClose,_free,_free,_free,0_2_02B53EE6
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B544B4 FindFirstFileW,FindClose,0_2_02B544B4
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B55484 swprintf,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,GetLastError,GetLastError,GetLastError,0_2_02B55484
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B55590 _memset,_calloc,swprintf,FindFirstFileW,_wcscmp,_wcscmp,_calloc,swprintf,_free,FindNextFileW,FindClose,GetLastError,GetLastError,GetLastError,_free,0_2_02B55590
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_06541B0E swprintf,FindFirstFileW,_wcscmp,_wcscmp,CreateFileW,CloseHandle,FindNextFileW,FindClose,GetLastError,GetLastError,GetLastError,0_2_06541B0E
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_06541BFF _memset,_calloc,swprintf,FindFirstFileW,_wcscmp,_wcscmp,_calloc,swprintf,_free,FindNextFileW,FindClose,GetLastError,GetLastError,GetLastError,_free,0_2_06541BFF
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B51195 _memset,GetLogicalDriveStringsA,GetLastError,GetDriveTypeA,WNetGetUniversalNameA,_malloc,WNetGetUniversalNameA,_free,GetDiskFreeSpaceExA,_strlen,0_2_02B51195

Networking

Source: Yara match | File source: 0.2.HACK-GAMER.exe.28d0000.4.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.HACK-GAMER.exe.28a0000.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.HACK-GAMER.exe.28a0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Malware configuration extractor | URLs: 0.0.0.0
Source: global traffic | TCP traffic: 167.99.38.229 ports 19348,1,3,4,8,9
Source: global traffic | TCP traffic: 192.168.2.5:49704 -> 167.99.38.229:19348
Source: Joe Sandbox View | IP Address: 167.99.38.229 167.99.38.229
Source: Joe Sandbox View | IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View | ASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
Source: Joe Sandbox View | JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Network traffic | Suricata IDS: 2025644 - Severity 1 - ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server) : 167.99.38.229:19348 -> 192.168.2.5:49704
Source: unknown | HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49721 version: TLS 1.0
Source: unknown | TCP traffic detected without corresponding DNS query: 23.1.237.91 (this entry appears 3 times in the report)
Source: unknown | TCP traffic detected without corresponding DNS query: 167.99.38.229 (this entry appears 47 times in the report)
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_0075B0E2 LoadLibraryA,WSASocketA,connect,recv,VirtualAlloc,recv,0_2_0075B0E2
Source: global traffic | DNS traffic detected: DNS query: blood-strike.com
Source: global traffic | DNS traffic detected: DNS query: google.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: HACK-GAMER.exe | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: HACK-GAMER.exe | String found in binary or memory: http://ocsp.thawte.com0
Source: HACK-GAMER.exe | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: HACK-GAMER.exe | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: HACK-GAMER.exe | String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: HACK-GAMER.exe, 00000000.00000003.2076867143.0000000000A8E000.00000004.00000020.00020000.00000000.sdmp, HACK-GAMER.exe, 00000000.00000002.2077964264.0000000000A8E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://blood-strike.com
Source: HACK-GAMER.exe, 00000000.00000003.2076847851.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp, HACK-GAMER.exe, 00000000.00000003.2076276014.0000000000B12000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://blood-strike.com/
Source: HACK-GAMER.exe, 00000000.00000003.2075200155.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://blood-strike.com/$
Source: HACK-GAMER.exe, 00000000.00000003.2076867143.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, HACK-GAMER.exe, 00000000.00000002.2078299456.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://blood-strike.com/=
Source: HACK-GAMER.exe, 00000000.00000002.2077879371.0000000000A48000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://blood-strike.com/f
Source: HACK-GAMER.exe | String found in binary or memory: https://blood-strike.comIgo_web_download_%d-installer3
Source: HACK-GAMER.exe, 00000000.00000003.2076867143.0000000000A8E000.00000004.00000020.00020000.00000000.sdmp, HACK-GAMER.exe, 00000000.00000002.2077964264.0000000000A8E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://blood-strike.comc
Source: unknown | Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown | Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown | Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49713

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B5E37E
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B5E18C
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B5E37E _memset,_memset,_memset,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyboardState,GetForegroundWindow,GetWindowThreadProcessId,EnumChildWindows,OpenProcess,_wcscmp,GetSystemTime,GetDateFormatW,GetTimeFormatW,__snwprintf,_memset,__snwprintf,CloseHandle,GetAsyncKeyState,GetKeyNameTextW,__snwprintf,ToUnicodeEx,GetKeyNameTextW,MapVirtualKeyA,__snwprintf,0_2_02B5E37E
Source: HACK-GAMER.exe | Binary or memory string: RegisterRawInputDevices
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B5E18C _memset,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyboardState,GetAsyncKeyState,GetKeyNameTextW,__snwprintf,ToUnicodeEx,GetKeyNameTextW,MapVirtualKeyA,__snwprintf,0_2_02B5E18C
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028D5F76 _calloc,CryptAcquireContextW,GetLastError,CryptGenRandom,CryptImportKey,GetLastError,_free,0_2_028D5F76

        System Summary

        barindex
        Source: HACK-GAMER.exe, type: SAMPLEMatched rule: Identifies Metasploit 64 bit reverse tcp shellcode. Author: unknown
        Source: dump.pcap, type: PCAPMatched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). Author: unknown
        Source: dump.pcap, type: PCAPMatched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
        Source: dump.pcap, type: PCAPMatched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
        Source: 0.2.HACK-GAMER.exe.28d0000.4.unpack, type: UNPACKEDPEMatched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). Author: unknown
        Source: 0.2.HACK-GAMER.exe.28d0000.4.unpack, type: UNPACKEDPEMatched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
        Source: 0.2.HACK-GAMER.exe.28d0000.4.unpack, type: UNPACKEDPEMatched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
        Source: 0.2.HACK-GAMER.exe.28d0000.4.unpack, type: UNPACKEDPEMatched rule: Detects Meterpreter payload Author: ditekSHen
        Source: 0.2.HACK-GAMER.exe.28a0000.3.unpack, type: UNPACKEDPEMatched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
        Source: 0.2.HACK-GAMER.exe.28a0000.3.unpack, type: UNPACKEDPEMatched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
        Source: 0.2.HACK-GAMER.exe.28a0000.3.unpack, type: UNPACKEDPEMatched rule: Detects Meterpreter payload Author: ditekSHen
        Source: 0.2.HACK-GAMER.exe.28a0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). Author: unknown
        Source: 0.2.HACK-GAMER.exe.28a0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
        Source: 0.2.HACK-GAMER.exe.28a0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
        Source: 0.2.HACK-GAMER.exe.28a0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects Meterpreter payload Author: ditekSHen
        Source: 0.0.HACK-GAMER.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Identifies Metasploit 64 bit reverse tcp shellcode. Author: unknown
        Source: 0.2.HACK-GAMER.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Identifies Metasploit 64 bit reverse tcp shellcode. Author: unknown
        Source: 00000000.00000000.2018490546.000000000075B000.00000080.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Identifies Metasploit 64 bit reverse tcp shellcode. Author: unknown
        Source: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). Author: unknown
        Source: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
        Source: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
        Source: 00000000.00000002.2077575749.000000000075B000.00000080.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Identifies Metasploit 64 bit reverse tcp shellcode. Author: unknown
        Source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon). Author: unknown
        Source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies the API address lookup function leverage by metasploit shellcode Author: unknown
        Source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families. Author: unknown
        Source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Meterpreter payload Author: ditekSHen
        Source: HACK-GAMER.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: C:\Users\user\Desktop\HACK-GAMER.exeCode function: 0_2_028A494E NtProtectVirtualMemory,0_2_028A494E
        Source: C:\Users\user\Desktop\HACK-GAMER.exeCode function: 0_2_02B5E05B NtdllDefWindowProc_A,_free,DestroyWindow,UnregisterClassA,GetProcessHeap,HeapAlloc,DestroyWindow,GetProcessHeap,HeapFree,0_2_02B5E05B
        Source: C:\Users\user\Desktop\HACK-GAMER.exeCode function: 0_2_065447CF OpenSCManagerA,GetLastError,OpenServiceA,GetLastError,DeleteService,GetLastError,CloseServiceHandle,CloseServiceHandle,SetLastError,0_2_065447CF
        Source: C:\Users\user\Desktop\HACK-GAMER.exeCode function: 0_2_02B58B1D _memset,_memset,_calloc,__snprintf,_mbstowcs,_calloc,_mbstowcs,_malloc,_memset,CreatePipe,CreatePipe,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,OpenProcess,_malloc,GetLastError,GetLastError,_wprintf,GetLastError,_free,GetLastError,GetLastError,GetLastError,FreeLibrary,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,DuplicateTokenEx,DuplicateTokenEx,LoadLibraryA,GetProcAddress,GetProcAddress,CreateProcessAsUserW,GetLastError,LoadLibraryA,GetProcAddress,_mbstowcs,_malloc,_mbstowcs,_mbstowcs,_malloc,_mbstowcs,GetLastError,FreeLibrary,_free,_free,FreeLibrary,LoadLibraryA,GetCurrentProcessId,GetProcAddress,CreateProcessAsUserW,CreateProcessW,GetLastError,FreeLibrary,CloseHandle,CreateProcessW,ResumeThread,CloseHandle,CloseHandle,CloseHandle,_free,_free,_free,_free,_free,0_2_02B58B1D
        Source: C:\Users\user\Desktop\HACK-GAMER.exeCode function: 0_2_02B5C0EA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,GetLastError,CloseHandle,0_2_02B5C0EA
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: String function: 02B820A0 appears 39 times
        Source: HACK-GAMER.exe Static PE information: Resource name: PROGRAM type: PE32 executable (GUI) Intel 80386, for MS Windows
        Source: HACK-GAMER.exe, 00000000.00000000.2018382492.00000000006F1000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameinstaller.exe@ vs HACK-GAMER.exe
        Source: HACK-GAMER.exe, 00000000.00000002.2077618228.0000000000823000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameinstaller.exe@ vs HACK-GAMER.exe
        Source: HACK-GAMER.exe Binary or memory string: OriginalFilenameinstaller.exe@ vs HACK-GAMER.exe
        Source: HACK-GAMER.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: HACK-GAMER.exe, type: SAMPLE Matched rule: Windows_Trojan_Metasploit_4a1c4da8 reference_sample = 9582d37ed9de522472abe615dedef69282a40cfd58185813c1215249c24bbf22, os = windows, severity = x86, description = Identifies Metasploit 64 bit reverse tcp shellcode., creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 7a31ce858215f0a8732ce6314bfdbc3975f1321e3f87d7f4dc5a525f15766987, id = 4a1c4da8-837d-4ad1-a672-ddb8ba074936, last_modified = 2021-08-23
        Source: dump.pcap, type: PCAP Matched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
        Source: dump.pcap, type: PCAP Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
        Source: dump.pcap, type: PCAP Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
        Source: 0.2.HACK-GAMER.exe.28d0000.4.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
        Source: 0.2.HACK-GAMER.exe.28d0000.4.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
        Source: 0.2.HACK-GAMER.exe.28d0000.4.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
        Source: 0.2.HACK-GAMER.exe.28d0000.4.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_Meterpreter author = ditekSHen, description = Detects Meterpreter payload
        Source: 0.2.HACK-GAMER.exe.28a0000.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
        Source: 0.2.HACK-GAMER.exe.28a0000.3.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
        Source: 0.2.HACK-GAMER.exe.28a0000.3.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_Meterpreter author = ditekSHen, description = Detects Meterpreter payload
        Source: 0.2.HACK-GAMER.exe.28a0000.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
        Source: 0.2.HACK-GAMER.exe.28a0000.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
        Source: 0.2.HACK-GAMER.exe.28a0000.3.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
        Source: 0.2.HACK-GAMER.exe.28a0000.3.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_Meterpreter author = ditekSHen, description = Detects Meterpreter payload
        Source: 0.0.HACK-GAMER.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Metasploit_4a1c4da8 reference_sample = 9582d37ed9de522472abe615dedef69282a40cfd58185813c1215249c24bbf22, os = windows, severity = x86, description = Identifies Metasploit 64 bit reverse tcp shellcode., creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 7a31ce858215f0a8732ce6314bfdbc3975f1321e3f87d7f4dc5a525f15766987, id = 4a1c4da8-837d-4ad1-a672-ddb8ba074936, last_modified = 2021-08-23
        Source: 0.2.HACK-GAMER.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Metasploit_4a1c4da8 reference_sample = 9582d37ed9de522472abe615dedef69282a40cfd58185813c1215249c24bbf22, os = windows, severity = x86, description = Identifies Metasploit 64 bit reverse tcp shellcode., creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 7a31ce858215f0a8732ce6314bfdbc3975f1321e3f87d7f4dc5a525f15766987, id = 4a1c4da8-837d-4ad1-a672-ddb8ba074936, last_modified = 2021-08-23
        Source: 00000000.00000000.2018490546.000000000075B000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_4a1c4da8 reference_sample = 9582d37ed9de522472abe615dedef69282a40cfd58185813c1215249c24bbf22, os = windows, severity = x86, description = Identifies Metasploit 64 bit reverse tcp shellcode., creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 7a31ce858215f0a8732ce6314bfdbc3975f1321e3f87d7f4dc5a525f15766987, id = 4a1c4da8-837d-4ad1-a672-ddb8ba074936, last_modified = 2021-08-23
        Source: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
        Source: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
        Source: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
        Source: 00000000.00000002.2077575749.000000000075B000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_4a1c4da8 reference_sample = 9582d37ed9de522472abe615dedef69282a40cfd58185813c1215249c24bbf22, os = windows, severity = x86, description = Identifies Metasploit 64 bit reverse tcp shellcode., creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 7a31ce858215f0a8732ce6314bfdbc3975f1321e3f87d7f4dc5a525f15766987, id = 4a1c4da8-837d-4ad1-a672-ddb8ba074936, last_modified = 2021-08-23
        Source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_38b8ceec os = windows, severity = x86, description = Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = 44b9022d87c409210b1d0807f5a4337d73f19559941660267d63cd2e4f2ff342, id = 38b8ceec-601c-4117-b7a0-74720e26bf38, last_modified = 2021-08-23
        Source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_7bc0f998 os = windows, severity = x86, description = Identifies the API address lookup function leverage by metasploit shellcode, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = fdb5c665503f07b2fc1ed7e4e688295e1222a500bfb68418661db60c8e75e835, id = 7bc0f998-7014-4883-8a56-d5ee00c15aed, last_modified = 2021-08-23
        Source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Metasploit_c9773203 os = windows, severity = x86, description = Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., creation_date = 2021-04-07, scan_context = file, memory, reference = https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm, license = Elastic License v2, threat_name = Windows.Trojan.Metasploit, fingerprint = afde93eeb14b4d0c182f475a22430f101394938868741ffa06445e478b6ece36, id = c9773203-6d1e-4246-a1e0-314217e0207a, last_modified = 2021-08-23
        Source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_Meterpreter author = ditekSHen, description = Detects Meterpreter payload
        Source: HACK-GAMER.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@20/7@19/5
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: 0_2_02B5F396 _malloc,_memset,LoadLibraryA,GetLastError,GetProcAddress,_malloc,SetLastError,SetLastError,GetLastError,FormatMessageA,_free,SetLastError,0_2_02B5F396
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: 0_2_028D1BAC GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,OpenProcess,GetLastError,CreateEventW,GetCurrentProcess,DuplicateHandle,VirtualAllocEx,GetLastError,_free,CloseHandle,CloseHandle,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,_free,0_2_028D1BAC
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: 0_2_028D7B7F GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,0_2_028D7B7F
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: 0_2_02B5CB4B GetCurrentProcess,OpenProcessToken,GetLastError,_memset,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,0_2_02B5CB4B
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: 0_2_02B5C0EA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,GetLastError,CloseHandle,0_2_02B5C0EA
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: 0_2_02B5947A GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,0_2_02B5947A
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: 0_2_02B5758B _memset,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,_wcsstr,CloseHandle,FreeLibrary,0_2_02B5758B
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: 0_2_065436CA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,0_2_065436CA
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: 0_2_06544FC9 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,GetHandleInformation,CloseHandle,SetLastError,0_2_06544FC9
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: 0_2_02B51195 _memset,GetLogicalDriveStringsA,GetLastError,GetDriveTypeA,WNetGetUniversalNameA,_malloc,WNetGetUniversalNameA,_free,GetDiskFreeSpaceExA,_strlen,0_2_02B51195
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: OpenSCManagerA,GetLastError,CreateServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,SetLastError,0_2_06544756
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: 0_2_028D2625 VirtualAllocEx,VirtualQueryEx,_malloc,_memset,WriteProcessMemory,WriteProcessMemory,_free,LoadLibraryA,GetProcAddress,CreateToolhelp32Snapshot,GetLastError,Thread32First,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,OpenThread,SuspendThread,CloseHandle,Thread32Next,SetLastError,GetLastError,Sleep,ResumeThread,CloseHandle,CloseHandle,FreeLibrary,SetLastError,0_2_028D2625
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: 0_2_02B60B90 CoInitialize,CoCreateInstance,VariantInit,_mbstowcs_s,VariantClear,GetLastError,CoUninitialize,0_2_02B60B90
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: 0_2_02B5EB06 _memset,ExpandEnvironmentStringsA,FindResourceA,LoadResource,LockResource,SizeofResource,DeleteFileA,GetFileAttributesA,GetLastError,LoadLibraryA,GetLastError,0_2_02B5EB06
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Code function: 0_2_06544631 OpenSCManagerA,GetLastError,OpenServiceA,GetLastError,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,SetLastError,0_2_06544631
        Source: C:\Users\user\Desktop\HACK-GAMER.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\89dad5d484a9f889a3a8dfca823edc3e_9e146be9-c76a-4720-bcdb-53011b87bd06
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Mutant created: NULL
        Source: HACK-GAMER.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: HACK-GAMER.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: HACK-GAMER.exe ReversingLabs: Detection: 68%
        Source: HACK-GAMER.exe String found in binary or memory: OK (Download), No (Exit)https://blood-strike.comIgo_web_download_%d-installer3\uninstall.exe!!!!! program crashed !!!!!FAILcrashMutex object is invalid!bloodstrikehd_installerBloodStrike client installerFailed to create mutex[%s], error code: %d[%s] is already running!
        Source: C:\Users\user\Desktop\HACK-GAMER.exe File read: C:\Users\user\Desktop\HACK-GAMER.exe
        Source: unknown Process created: C:\Users\user\Desktop\HACK-GAMER.exe "C:\Users\user\Desktop\HACK-GAMER.exe"
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://blood-strike.com/
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2272,i,13844341092092372292,10383274001223032327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://blood-strike.com/
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2272,i,13844341092092372292,10383274001223032327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: msimg32.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: oledlg.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: oleacc.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: winmm.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: textshaping.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: textinputframework.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: coreuicomponents.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: ntmarta.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: dpapi.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: mpr.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: netapi32.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: wkscli.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: cscapi.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: dhcpcsvc6.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: dhcpcsvc.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: windows.shell.servicehostbuilder.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: onecoreuapcommonproxystub.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: ieframe.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: windows.staterepositoryps.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: edputil.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: secur32.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: mlang.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: policymanager.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: msvcp110_win.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Section loaded: onecorecommonproxystub.dll
        Source: C:\Users\user\Desktop\HACK-GAMER.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1A66AEDC-93C3-4ACC-BA96-08F5716429F7}\InProcServer32
Source: Google Drive.lnk.2.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.2.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.2.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.2.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.2.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.2.dr | LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: HACK-GAMER.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: HACK-GAMER.exe | Static file information: File size 4721152 > 1048576
Source: HACK-GAMER.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1bec00
Source: HACK-GAMER.exe | Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x106800
Source: HACK-GAMER.exe | Static PE information: More than 200 imports for USER32.dll
        Source: Binary string: G:\workspace\spike\src\Engine\Tools\PCInstaller\installerHD\Release\installer.pdb source: HACK-GAMER.exe
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_0075B000 EntryPoint,LoadLibraryA,GetProcAddress,CreateThread,0_2_0075B000
Source: HACK-GAMER.exe | Static PE information: real checksum: 0x486308 should be: 0x4863a0
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028B8A35 push ecx; ret 0_2_028B8A48
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028AFBDB push ecx; ret 0_2_028AFBEB
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028C9798 push eax; ret 0_2_028C9749
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028C9719 push eax; ret 0_2_028C9749
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028E9635 push ecx; ret 0_2_028E9648
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028E07DB push ecx; ret 0_2_028E07EB
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B7CBDB push ecx; ret 0_2_02B7CBEB
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B820E5 push ecx; ret 0_2_02B820F8
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_06549E75 push ecx; ret 0_2_06549E88
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_0654599B push ecx; ret 0_2_065459AB
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_06544631 OpenSCManagerA,GetLastError,OpenServiceA,GetLastError,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,SetLastError,0_2_06544631
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B5C4E6 ClearEventLogA,GetLastError,0_2_02B5C4E6
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028E4742 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_028E4742
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX

        Malware Analysis System Evasion

Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B5758B _memset,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,_wcsstr,CloseHandle,FreeLibrary,0_2_02B5758B
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: EnumDeviceDrivers,_malloc,EnumDeviceDrivers,GetDeviceDriverBaseNameW,GetDeviceDriverFileNameW,_free,_free,_free,0_2_02B5CE80
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: _memset,_memset,GetVersionExA,GetLastError,OpenSCManagerA,EnumServicesStatusA,EnumServicesStatusA,GetLastError,GetLastError,GetLastError,CloseServiceHandle,_free,SetLastError,_malloc,EnumServicesStatusA,OpenServiceA,QueryServiceStatusEx,OpenProcess,GetCurrentThreadId,__snprintf_s,_strlen,VirtualAllocEx,_strlen,WriteProcessMemory,WaitForSingleObject,GetExitCodeThread,GetCurrentThread,OpenThreadToken,DuplicateToken,CloseServiceHandle,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,0_2_06544921
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) graph_0-62731
Source: C:\Users\user\Desktop\HACK-GAMER.exe | API coverage: 4.7 %
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B54226 lstrcmpiW,GetFileAttributesW,SetLastError,RemoveDirectoryW,GetLastError,lstrlenW,lstrlenW,lstrlenW,wsprintfW,wsprintfW,FindFirstFileW,lstrcpyW,lstrcmpiW,lstrcmpiW,lstrlenW,lstrlenW,lstrlenW,wsprintfW,SetFileAttributesW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,FindNextFileW,GetLastError,FindClose,RemoveDirectoryW,SetLastError,0_2_02B54226
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B53EE6 __snprintf,_strrchr,__snprintf,_strrchr,GetLastError,FindFirstFileW,__snprintf,__snprintf,_free,_free,FindNextFileW,GetLastError,FindClose,_free,_free,_free,0_2_02B53EE6
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B544B4 FindFirstFileW,FindClose,0_2_02B544B4
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B55484 swprintf,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,GetLastError,GetLastError,GetLastError,0_2_02B55484
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B55590 _memset,_calloc,swprintf,FindFirstFileW,_wcscmp,_wcscmp,_calloc,swprintf,_free,FindNextFileW,FindClose,GetLastError,GetLastError,GetLastError,_free,0_2_02B55590
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_06541B0E swprintf,FindFirstFileW,_wcscmp,_wcscmp,CreateFileW,CloseHandle,FindNextFileW,FindClose,GetLastError,GetLastError,GetLastError,0_2_06541B0E
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_06541BFF _memset,_calloc,swprintf,FindFirstFileW,_wcscmp,_wcscmp,_calloc,swprintf,_free,FindNextFileW,FindClose,GetLastError,GetLastError,GetLastError,_free,0_2_06541BFF
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B51195 _memset,GetLogicalDriveStringsA,GetLastError,GetDriveTypeA,WNetGetUniversalNameA,_malloc,WNetGetUniversalNameA,_free,GetDiskFreeSpaceExA,_strlen,0_2_02B51195
Source: HACK-GAMER.exe, 00000000.00000002.2077964264.0000000000A8E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\{t.
Source: HACK-GAMER.exe, 00000000.00000003.2077019155.0000000000A7F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: od_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-q
Source: HACK-GAMER.exe, 00000000.00000002.2077964264.0000000000A7F000.00000004.00000020.00020000.00000000.sdmp, HACK-GAMER.exe, 00000000.00000003.2077019155.0000000000A7F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllg
Source: HACK-GAMER.exe, 00000000.00000002.2077964264.0000000000A8E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Tt
Source: C:\Users\user\Desktop\HACK-GAMER.exe | API call chain: ExitProcess graph end node graph_0-62707
Source: C:\Users\user\Desktop\HACK-GAMER.exe | API call chain: ExitProcess graph end node graph_0-63274
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028EAA49 IsDebuggerPresent,0_2_028EAA49
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028E9FD8 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_028E9FD8
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_0075B000 EntryPoint,LoadLibraryA,GetProcAddress,CreateThread,0_2_0075B000
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028A4997 mov eax, dword ptr fs:[00000030h] 0_2_028A4997
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028D5597 mov eax, dword ptr fs:[00000030h] 0_2_028D5597
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B52EF9 mov eax, dword ptr fs:[00000030h] 0_2_02B52EF9
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_06544091 mov eax, dword ptr fs:[00000030h] 0_2_06544091
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028D29F0 GetProcessHeap,CreateEventW,GetLastError,GetCurrentProcess,DuplicateHandle,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Sleep,SetEvent,SetLastError,CloseHandle,0_2_028D29F0
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028D5B73 GetModuleHandleW,SetUnhandledExceptionFilter,ExitProcess,ExitThread,0_2_028D5B73
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028E94BF SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_028E94BF
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B87C9A SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_02B87C9A
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_06549CAD SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_06549CAD

        HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B5D583 GetCurrentProcessId,GetCurrentProcessId,OpenWindowStationA,RevertToSelf,OpenWindowStationA,GetProcessWindowStation,SetProcessWindowStation,GetLastError,OpenDesktopA,SetThreadDesktop,SwitchDesktop,CloseDesktop,CloseWindowStation,SetProcessWindowStation,0_2_02B5D583
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B57D88 _memset,GetThreadContext,GetModuleHandleA,GetProcAddress,SetLastError,SetThreadContext,VirtualAllocEx,GetModuleHandleA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,0_2_02B57D88
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028D5198 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,0_2_028D5198
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_06544E73 VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,0_2_06544E73
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://blood-strike.com/
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028D7A78 CreateNamedPipeA,AllocateAndInitializeSid,AllocateAndInitializeSid,SetEntriesInAclW,AllocateAndInitializeSid,LocalAlloc,LocalAlloc,InitializeAcl,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetSecurityDescriptorSacl,0_2_028D7A78
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B7F9FB cpuid 0_2_02B7F9FB
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: _memset,_memset,GetComputerNameA,GetLastError,LoadLibraryA,GetProcAddress,GetProcAddress,GetNativeSystemInfo,GetProcAddress,GetLocaleInfoA,_malloc,GetLocaleInfoA,GetLocaleInfoA,_malloc,GetLocaleInfoA,__snprintf,__snprintf,_free,_free,NetWkstaGetInfo,_free,NetApiBufferFree,0_2_02B5C764
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028D7A78 CreateNamedPipeA,AllocateAndInitializeSid,AllocateAndInitializeSid,SetEntriesInAclW,AllocateAndInitializeSid,LocalAlloc,LocalAlloc,InitializeAcl,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetSecurityDescriptorSacl,0_2_028D7A78
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028E19D7 GetSystemTimeAsFileTime,__aulldiv,0_2_028E19D7
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B5C9C4 _memset,_memset,GetTimeZoneInformation,GetLocalTime,0_2_02B5C9C4
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028D2B76 _memset,GetVersionExW,GetLastError,SetLastError,VirtualAlloc,VirtualAlloc,GetLastError,VirtualAlloc,GetLastError,_memmove,_memmove,SetLastError,VirtualFree,VirtualFree,VirtualFree,0_2_028D2B76
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Remote Access Functionality

Source: Yara match | File source: HACK-GAMER.exe, type: SAMPLE
Source: Yara match | File source: 0.0.HACK-GAMER.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.HACK-GAMER.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000000.2018490546.000000000075B000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.2077575749.000000000075B000.00000080.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 0.2.HACK-GAMER.exe.28d0000.4.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.HACK-GAMER.exe.28a0000.3.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.HACK-GAMER.exe.28a0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_028D8D3C bind,WSAGetLastError,listen,accept,closesocket,0_2_028D8D3C
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B5689C _malloc,_memset,_strlen,WSASocketA,setsockopt,closesocket,WSASocketA,WSAGetLastError,htons,htons,htons,htons,bind,listen,WSACreateEvent,WSAEventSelect,_memset,closesocket,_free,0_2_02B5689C
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_02B56FD8 _malloc,_memset,inet_addr,inet_addr,inet_addr,WSASocketA,WSAGetLastError,htons,bind,WSACreateEvent,WSAEventSelect,_memset,closesocket,_free,0_2_02B56FD8
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_06542616 __snprintf_s,RpcStringBindingComposeW,DceErrorInqTextA,RpcBindingFromStringBindingW,RpcStringFreeW,RpcBindingSetAuthInfoW,0_2_06542616
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_06542E3B RpcBindingFree,0_2_06542E3B
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_06542D71 RpcStringBindingComposeW,RpcBindingFromStringBindingW,RpcStringFreeW,0_2_06542D71
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_06542513 _malloc,__snprintf_s,_wcscmp,DceErrorInqTextA,RpcBindingFree,_free,0_2_06542513
Source: C:\Users\user\Desktop\HACK-GAMER.exe | Code function: 0_2_065425E0 RpcBindingFree,_free,0_2_065425E0
        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire Infrastructure1
        Valid Accounts
        1
        Native API
        1
        DLL Side-Loading
        1
        DLL Side-Loading
        1
        Deobfuscate/Decode Files or Information
        131
        Input Capture
        2
        System Time Discovery
        Remote Services11
        Archive Collected Data
        1
        Ingress Tool Transfer
        Exfiltration Over Other Network Medium1
        Data Encrypted for Impact
        CredentialsDomainsDefault Accounts2
        Command and Scripting Interpreter
        1
        Valid Accounts
        1
        Valid Accounts
        2
        Obfuscated Files or Information
        LSASS Memory1
        System Service Discovery
        Remote Desktop Protocol131
        Input Capture
        22
        Encrypted Channel
        Exfiltration Over Bluetooth1
        System Shutdown/Reboot
        Email AddressesDNS ServerDomain Accounts12
        Service Execution
        12
        Windows Service
        11
        Access Token Manipulation
        1
        Software Packing
        Security Account Manager2
        File and Directory Discovery
        SMB/Windows Admin SharesData from Network Shared Drive1
        Non-Standard Port
        Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCron1
        Registry Run Keys / Startup Folder
        12
        Windows Service
        1
        DLL Side-Loading
        NTDS35
        System Information Discovery
        Distributed Component Object ModelInput Capture1
        Non-Application Layer Protocol
        Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script212
        Process Injection
        1
        Masquerading
        LSA Secrets31
        Security Software Discovery
        SSHKeylogging12
        Application Layer Protocol
        Scheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
        Registry Run Keys / Startup Folder
        1
        Valid Accounts
        Cached Domain Credentials1
        Process Discovery
        VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
        Access Token Manipulation
        DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job212
        Process Injection
        Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
        Indicator Removal
        /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement



Source | Detection | Scanner | Label
HACK-GAMER.exe | 68% | ReversingLabs | Win32.Backdoor.Meterpreter
HACK-GAMER.exe | 100% | Avira | TR/Patched.Gen
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
Source | Detection | Scanner | Label
0.0.0.0 | 0% | Avira URL Cloud | safe
https://blood-strike.comIgo_web_download_%d-installer3 | 0% | Avira URL Cloud | safe
https://blood-strike.comc | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 142.250.186.142 | true | false | | high
www.google.com | 142.250.186.36 | true | false | | high
blood-strike.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
0.0.0.0 | true | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://blood-strike.com/ | HACK-GAMER.exe, 00000000.00000003.2076847851.0000000000AFA000.00000004.00000020.00020000.00000000.sdmp, HACK-GAMER.exe, 00000000.00000003.2076276014.0000000000B12000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://blood-strike.com/f | HACK-GAMER.exe, 00000000.00000002.2077879371.0000000000A48000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://blood-strike.com/$ | HACK-GAMER.exe, 00000000.00000003.2075200155.0000000000AEA000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://blood-strike.comc | HACK-GAMER.exe, 00000000.00000003.2076867143.0000000000A8E000.00000004.00000020.00020000.00000000.sdmp, HACK-GAMER.exe, 00000000.00000002.2077964264.0000000000A8E000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0 | HACK-GAMER.exe | false | | high
https://blood-strike.com | HACK-GAMER.exe, 00000000.00000003.2076867143.0000000000A8E000.00000004.00000020.00020000.00000000.sdmp, HACK-GAMER.exe, 00000000.00000002.2077964264.0000000000A8E000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://ocsp.thawte.com0 | HACK-GAMER.exe | false | | high
https://blood-strike.comIgo_web_download_%d-installer3 | HACK-GAMER.exe | false | Avira URL Cloud: safe | unknown
https://blood-strike.com/= | HACK-GAMER.exe, 00000000.00000003.2076867143.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, HACK-GAMER.exe, 00000000.00000002.2078299456.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
167.99.38.229 | unknown | United States | US | 14061 | DIGITALOCEAN-ASN | true
142.250.186.36 | www.google.com | United States | US | 15169 | GOOGLE | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
                            IP
                            192.168.2.23
                            192.168.2.5
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1584740
Start date and time: 2025-01-06 12:36:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: HACK-GAMER.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@20/7@19/5
                            EGA Information:
                            • Successful, ratio: 100%
                            HCA Information:
                            • Successful, ratio: 52%
                            • Number of executed functions: 32
                            • Number of non-executed functions: 308
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                            • Excluded IPs from analysis (whitelisted): 142.250.74.195, 64.233.167.84, 216.58.206.78, 142.250.181.238, 142.250.186.46, 172.217.18.14, 199.232.210.172, 192.229.221.95, 172.217.16.206, 142.250.186.110, 142.250.184.206, 142.250.186.174, 142.250.184.227, 142.250.74.206, 142.250.185.238, 142.250.185.142, 23.56.254.164, 52.149.20.212, 13.107.246.45
                            • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
• Not all processes were analyzed; the report is missing behavior information
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
167.99.38.229 | jgbC220X2U.exe | malicious | Unknown
• pepwuecibr.eu.loclx.io/command
239.255.255.250 | https://o365info.com/get-unlicensed-onedrive-accounts/ | malicious | Unknown
239.255.255.250 | AZfDGVWF68.pdf | malicious | Unknown
                                https://czfc104.na1.hubspotlinks.com/Ctc/RI+113/cZFc104/VVpBhY3Y-LTWW3Cvl9B8hKRPtVVm64t5qdmRWN1f4_WP7mt9FW50l5tj6lZ3lNW8SvDYK4v65T-W5VNxKh8dLcmKW1GlXcL834zD3W5w7v_71CDbKVV4Dsjr5FnQ2PVSHlbR3pc5MwW72kzKm6WrbY7W6NJh0_7GRxDMW2K2WDT2ZPr4xW3b_gtn2bnp5xW7Hn0F58SN9mqN4_D9_QrtgD8VBy-hV2j1qrbW3N54fh8gXkqCW6JcyP11p5DmRW6d2nj72MkQXgW6hgqJx7Gc_ycW5DT-Pm451FQhW4Tph0s8GNtc-W58sq8G9dpW27W5S3wzf7rNLv_Vn6h606T2B8YN4yb6VRDg_G5W36Gvt_2lnk9qW2LykX37R4KRSW1F2tHT3jrLyjW7hSkG572MN4TW75KrBz5T-zFkVLJYW27hKs9nW3h3Pmh907wxLW2Zzdnn98hQC7W2Qnk7D31ZBJjW83tNvQ2nNht5W1HJvHm95P722W55gfDx9lT1vDW1ykGr_219m_RW5ff63S7MhCcQW4_QfK_5TQdprVlF4dm2DH-ctW6mF-BW36YwwNW99r61n6mmMhVW2v1J7Q5mVXz2W53lcRT6L4fsVN8gyZcXY0MfLW2kLwLd1TYk1wW7MzDQt4QNh6nW1bMMpS84VG-SW6F_Tym5bK06Qf6rQzB604Get hashmaliciousUnknownBrowse
                                  NOTIFICATION_OF_DEPENDANTS.vbsGet hashmaliciousXmrigBrowse
                                    https://www.boulderpeptide.org/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                      P3A946MOFP.exeGet hashmaliciousXWormBrowse
                                        https://u46509964.ct.sendgrid.net/ls/click?upn=u001.yzEgCXNOtR0g3VDqrfESrp2R1cF5ldZEX7V8PkOFzM7ruCjjHr3jp5RGL8GduYU-2BjhHflFlXWDZcLxMTl-2BOf3Q-3D-3Dypty_wgMyjr7kuwn9YAatYj1Mf4g8ovXgJAxpM0PlHYE9e6HZUYNSU5hkcVbHbQ0q5E6I3Vn1iKBKWI4PPg-2BCiKeQ2OE0mP0AQHbDintLIvkOVimerxUzun3ony9NL1yVRuA4WQuNzjMCPVhNshNaKMXqQsMtvsckMLkqRAU-2FNXREyY4h03-2BUaA2tGQGT4QuateFiuKuJahSkLVnvCQKkIZcpO3aNqWzyxlmipL9FIlHPuq9M09y6kh5iIlWeVT6v9HaNCeK7mNRfTM-2FaE-2FYlUjqPiHlgW1bQDf4vc-2B8bTW2XnnwQ3OD-2BHpj1pVnq8E-2B5KWyk-2BdpGzJAivJFYRAm0bkM-2FBffGjfgcs9NuM6kyERGkXLWY0YDwCJHP0W3vRM98XO8M2QRiYbYEh4a80qwygvsII8yUtWb452P35A7kazo2Bsi9HmjZL32fVK2Kj1rsDSpFE2-2FPz5MkH0YdERZv2D9LaOR2CGCCtOzFgtqISzhm5DNl8sQN1HGl9yl3sxCQ2TXG-2B2-2FQIL0ayfUBJHiJurB3Y0z5HdmkhdTnyWYqM9SpbJkxNnfJXP5NAUZTA0q1B3cuqIcfJ8Gdtm1IuXC9fLcGQFLP2A1GLVH6tFOcbPu-2F-2FO5Evswi23nrB2CFvf3EAjbRLMMYTn-2FzVKiL-2FLRKqLChrdjv6iJ364jG39-2BR-2BRXc7k2MN4PqhyBkuDYVO6KJhJtr7VWQ1JkGgezZvQKBz4Vi6Gq0ytsGLOZnihpIPww05MHzIdOzD94b48OUKOeaeHavlRK5pXSjQ7zOPyDnUSjdCJ-2FLEEq4EOGwcWXvvFjweg-2BQEsFRU1KoSIvsY-2FcQgpMyEYXStCMiKHT4WQ7TMDjBOR3rhCh2QliVs-2FI1-2BSi-2FjGbWAd30KPG-2F7b4L3CtlRajP3-2BEOcqU3Jvnbxu8AdSEg-2F0bY3U9Rsq-2FRYamf2McJIE0i0zbXhYCXRm3cXwuZg-2Fn9ed9-2FBCSIqPn-2B7Kqqgzm-2FKg-3D-3DGet hashmaliciousUnknownBrowse
                                          https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=vyczmuFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%70%68%69%6C%2D%68%65%61%6C%74%68%2D%75%6B%2E%67%6C%69%74%63%68%2E%6D%65%2F#changyeol.choi@hyundaielevator.comGet hashmaliciousUnknownBrowse
                                            https://pdf-ezy.com/pdf-ezy.exeGet hashmaliciousUnknownBrowse
                                              https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=rmgfuFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%70%68%69%6C%2D%68%65%61%6C%74%68%2D%75%6B%2E%67%6C%69%74%63%68%2E%6D%65%2F#kh.jang@hyundaimovex.comGet hashmaliciousUnknownBrowse
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                google.comhttps://o365info.com/get-unlicensed-onedrive-accounts/Get hashmaliciousUnknownBrowse
                                                • 142.250.185.97
                                                AZfDGVWF68.pdfGet hashmaliciousUnknownBrowse
                                                • 142.250.185.68
                                                https://czfc104.na1.hubspotlinks.com/Ctc/RI+113/cZFc104/VVpBhY3Y-LTWW3Cvl9B8hKRPtVVm64t5qdmRWN1f4_WP7mt9FW50l5tj6lZ3lNW8SvDYK4v65T-W5VNxKh8dLcmKW1GlXcL834zD3W5w7v_71CDbKVV4Dsjr5FnQ2PVSHlbR3pc5MwW72kzKm6WrbY7W6NJh0_7GRxDMW2K2WDT2ZPr4xW3b_gtn2bnp5xW7Hn0F58SN9mqN4_D9_QrtgD8VBy-hV2j1qrbW3N54fh8gXkqCW6JcyP11p5DmRW6d2nj72MkQXgW6hgqJx7Gc_ycW5DT-Pm451FQhW4Tph0s8GNtc-W58sq8G9dpW27W5S3wzf7rNLv_Vn6h606T2B8YN4yb6VRDg_G5W36Gvt_2lnk9qW2LykX37R4KRSW1F2tHT3jrLyjW7hSkG572MN4TW75KrBz5T-zFkVLJYW27hKs9nW3h3Pmh907wxLW2Zzdnn98hQC7W2Qnk7D31ZBJjW83tNvQ2nNht5W1HJvHm95P722W55gfDx9lT1vDW1ykGr_219m_RW5ff63S7MhCcQW4_QfK_5TQdprVlF4dm2DH-ctW6mF-BW36YwwNW99r61n6mmMhVW2v1J7Q5mVXz2W53lcRT6L4fsVN8gyZcXY0MfLW2kLwLd1TYk1wW7MzDQt4QNh6nW1bMMpS84VG-SW6F_Tym5bK06Qf6rQzB604Get hashmaliciousUnknownBrowse
                                                • 142.250.186.46
                                                NOTIFICATION_OF_DEPENDANTS.vbsGet hashmaliciousXmrigBrowse
                                                • 172.217.18.4
                                                https://www.boulderpeptide.org/Get hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                • 142.250.185.228
                                                https://www.scribd.com/document/787929982/script-tlsfranceGet hashmaliciousUnknownBrowse
                                                • 216.239.38.181
                                                P3A946MOFP.exeGet hashmaliciousXWormBrowse
                                                • 142.250.185.132
                                                https://u46509964.ct.sendgrid.net/ls/click?upn=u001.yzEgCXNOtR0g3VDqrfESrp2R1cF5ldZEX7V8PkOFzM7ruCjjHr3jp5RGL8GduYU-2BjhHflFlXWDZcLxMTl-2BOf3Q-3D-3Dypty_wgMyjr7kuwn9YAatYj1Mf4g8ovXgJAxpM0PlHYE9e6HZUYNSU5hkcVbHbQ0q5E6I3Vn1iKBKWI4PPg-2BCiKeQ2OE0mP0AQHbDintLIvkOVimerxUzun3ony9NL1yVRuA4WQuNzjMCPVhNshNaKMXqQsMtvsckMLkqRAU-2FNXREyY4h03-2BUaA2tGQGT4QuateFiuKuJahSkLVnvCQKkIZcpO3aNqWzyxlmipL9FIlHPuq9M09y6kh5iIlWeVT6v9HaNCeK7mNRfTM-2FaE-2FYlUjqPiHlgW1bQDf4vc-2B8bTW2XnnwQ3OD-2BHpj1pVnq8E-2B5KWyk-2BdpGzJAivJFYRAm0bkM-2FBffGjfgcs9NuM6kyERGkXLWY0YDwCJHP0W3vRM98XO8M2QRiYbYEh4a80qwygvsII8yUtWb452P35A7kazo2Bsi9HmjZL32fVK2Kj1rsDSpFE2-2FPz5MkH0YdERZv2D9LaOR2CGCCtOzFgtqISzhm5DNl8sQN1HGl9yl3sxCQ2TXG-2B2-2FQIL0ayfUBJHiJurB3Y0z5HdmkhdTnyWYqM9SpbJkxNnfJXP5NAUZTA0q1B3cuqIcfJ8Gdtm1IuXC9fLcGQFLP2A1GLVH6tFOcbPu-2F-2FO5Evswi23nrB2CFvf3EAjbRLMMYTn-2FzVKiL-2FLRKqLChrdjv6iJ364jG39-2BR-2BRXc7k2MN4PqhyBkuDYVO6KJhJtr7VWQ1JkGgezZvQKBz4Vi6Gq0ytsGLOZnihpIPww05MHzIdOzD94b48OUKOeaeHavlRK5pXSjQ7zOPyDnUSjdCJ-2FLEEq4EOGwcWXvvFjweg-2BQEsFRU1KoSIvsY-2FcQgpMyEYXStCMiKHT4WQ7TMDjBOR3rhCh2QliVs-2FI1-2BSi-2FjGbWAd30KPG-2F7b4L3CtlRajP3-2BEOcqU3Jvnbxu8AdSEg-2F0bY3U9Rsq-2FRYamf2McJIE0i0zbXhYCXRm3cXwuZg-2Fn9ed9-2FBCSIqPn-2B7Kqqgzm-2FKg-3D-3DGet hashmaliciousUnknownBrowse
                                                • 142.250.185.164
                                                https://u46509964.ct.sendgrid.net/ls/click?upn=u001.yzEgCXNOtR0g3VDqrfESrp2R1cF5ldZEX7V8PkOFzM7ruCjjHr3jp5RGL8GduYU-2BjhHflFlXWDZcLxMTl-2BOf3Q-3D-3Dypty_wgMyjr7kuwn9YAatYj1Mf4g8ovXgJAxpM0PlHYE9e6HZUYNSU5hkcVbHbQ0q5E6I3Vn1iKBKWI4PPg-2BCiKeQ2OE0mP0AQHbDintLIvkOVimerxUzun3ony9NL1yVRuA4WQuNzjMCPVhNshNaKMXqQsMtvsckMLkqRAU-2FNXREyY4h03-2BUaA2tGQGT4QuateFiuKuJahSkLVnvCQKkIZcpO3aNqWzyxlmipL9FIlHPuq9M09y6kh5iIlWeVT6v9HaNCeK7mNRfTM-2FaE-2FYlUjqPiHlgW1bQDf4vc-2B8bTW2XnnwQ3OD-2BHpj1pVnq8E-2B5KWyk-2BdpGzJAivJFYRAm0bkM-2FBffGjfgcs9NuM6kyERGkXLWY0YDwCJHP0W3vRM98XO8M2QRiYbYEh4a80qwygvsII8yUtWb452P35A7kazo2Bsi9HmjZL32fVK2Kj1rsDSpFE2-2FPz5MkH0YdERZv2D9LaOR2CGCCtOzFgtqISzhm5DNl8sQN1HGl9yl3sxCQ2TXG-2B2-2FQIL0ayfUBJHiJurB3Y0z5HdmkhdTnyWYqM9SpbJkxNnfJXP5NAUZTA0q1B3cuqIcfJ8Gdtm1IuXC9fLcGQFLP2A1GLVH6tFOcbPu-2F-2FO5Evswi23nrB2CFvf3EAjbRLMMYTn-2FzVKiL-2FLRKqLChrdjv6iJ364jG39-2BR-2BRXc7k2MN4PqhyBkuDYVO6KJhJtr7VWQ1JkGgezZvQKBz4Vi6Gq0ytsGLOZnihpIPww05MHzIdOzD94b48OUKOeaeHavlRK5pXSjQ7zOPyDnUSjdCJ-2FLEEq4EOGwcWXvvFjweg-2BQEsFRU1KoSIvsY-2FcQgpMyEYXStCMiKHT4WQ7TMDjBOR3rhCh2QliVs-2FI1-2BSi-2FjGbWAd30KPG-2F7b4L3CtlRajP3-2BEOcqU3Jvnbxu8AdSEg-2F0bY3U9Rsq-2FRYamf2McJIE0i0zbXhYCXRm3cXwuZg-2Fn9ed9-2FBCSIqPn-2B7Kqqgzm-2FKg-3D-3DGet hashmaliciousUnknownBrowse
                                                • 142.250.185.132
                                                https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=vyczmuFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%70%68%69%6C%2D%68%65%61%6C%74%68%2D%75%6B%2E%67%6C%69%74%63%68%2E%6D%65%2F#changyeol.choi@hyundaielevator.comGet hashmaliciousUnknownBrowse
                                                • 172.217.18.4
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                DIGITALOCEAN-ASNUShttps://o365info.com/get-unlicensed-onedrive-accounts/Get hashmaliciousUnknownBrowse
                                                • 167.99.229.36
                                                1.elfGet hashmaliciousUnknownBrowse
                                                • 157.245.170.52
                                                4.elfGet hashmaliciousUnknownBrowse
                                                • 157.230.180.192
                                                i686.elfGet hashmaliciousMiraiBrowse
                                                • 188.166.182.194
                                                i686.elfGet hashmaliciousMiraiBrowse
                                                • 188.166.182.194
                                                cZO.exeGet hashmaliciousUnknownBrowse
                                                • 68.183.196.133
                                                momo.arm7.elfGet hashmaliciousMiraiBrowse
                                                • 174.138.12.56
                                                avaydna.exeGet hashmaliciousNjratBrowse
                                                • 157.245.14.184
                                                4.elfGet hashmaliciousUnknownBrowse
                                                • 157.230.180.162
                                                i686.elfGet hashmaliciousMiraiBrowse
                                                • 188.166.182.194
                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                1138de370e523e824bbca92d049a3777NOTIFICATION_OF_DEPENDANTS.vbsGet hashmaliciousXmrigBrowse
                                                • 23.1.237.91
                                                repo.huaweicloud.com-sh-2025-01-05T07_55_53.htmlGet hashmaliciousUnknownBrowse
                                                • 23.1.237.91
                                                https://rfqdocu.construction-org.com/Q5kL4/Get hashmaliciousHTMLPhisherBrowse
                                                • 23.1.237.91
                                                http://www.klim.comGet hashmaliciousUnknownBrowse
                                                • 23.1.237.91
                                                https://d25mwe2145ri5.cloudfront.net/installer/33365003/2056290341532614624Get hashmaliciousUnknownBrowse
                                                • 23.1.237.91
                                                http://vaporblastingservices.comGet hashmaliciousUnknownBrowse
                                                • 23.1.237.91
                                                https://klickskydd.skolverket.org/?url=https%3A%2F%2Fwww.gazeta.ru%2Fpolitics%2Fnews%2F2024%2F12%2F22%2F24684722.shtml&id=71de&rcpt=upplysningstjansten@skolverket.se&tss=1735469857&msgid=b53e7603-c5d3-11ef-8a2e-0050569b0508&html=1&h=ded85c63Get hashmaliciousHTMLPhisherBrowse
                                                • 23.1.237.91
                                                NOTIFICATION_OF_DEPENDANTS_1.vbsGet hashmaliciousXmrigBrowse
                                                • 23.1.237.91
                                                Payment_00372_26-12-2024.htmlGet hashmaliciousUnknownBrowse
                                                • 23.1.237.91
                                                over.ps1Get hashmaliciousVidarBrowse
                                                • 23.1.237.91
                                                No context
                                                Process:C:\Users\user\Desktop\HACK-GAMER.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):47
                                                Entropy (8bit):1.168829563685559
                                                Encrypted:false
                                                SSDEEP:3:/lSll2DQi:AoMi
                                                MD5:DAB633BEBCCE13575989DCFA4E2203D6
                                                SHA1:33186D50F04C5B5196C1FCC1FAD17894B35AC6C7
                                                SHA-256:1C00FBA1B82CD386E866547F33E1526B03F59E577449792D99C882DEF05A1D17
                                                SHA-512:EDDBB22D9FC6065B8F5376EC95E316E7569530EFAA9EA9BC641881D763B91084DCCC05BC793E8E29131D20946392A31BD943E8FC632D91EE13ABA7B0CD1C626F
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Preview:........................................user.
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 10:37:03 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2677
                                                Entropy (8bit):3.978600274325112
                                                Encrypted:false
                                                SSDEEP:48:8UdEToIzH2idAKZdA19ehwiZUklqehQy+3:8nXwvy
                                                MD5:78705D17FF3249D313A3F23220A282E2
                                                SHA1:2B39C66EC1FD762F6DB7543C0CC887D27E84EF83
                                                SHA-256:C8774736A4171CBD7298995FB3198D7CB0725ADED807F0E8C4CFBE53F3CE29DC
                                                SHA-512:1D4C8681BDFB5DD223AF68BF5B258E03C3825AD6D999DE67DCF209EA5282E4DD91AD7778B0A4860FE460A036BEC2FA8FAC4E6ADA5DEB4076083E8FF0B7F8096E
                                                Malicious:false
                                                Reputation:low
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 10:37:03 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2679
                                                Entropy (8bit):3.994723580739018
                                                Encrypted:false
                                                SSDEEP:48:8rdEToIzH2idAKZdA1weh/iZUkAQkqehfy+2:8CXK9QWy
                                                MD5:6A37748AD91DBFCFB049DC577BADA45D
                                                SHA1:6029447D88E61D58B43891E615CA84F0A9ED7A08
                                                SHA-256:403C8C186C37D1D0F7052539E92331C308E5DDA949ED1F7003B406DD04C2436E
                                                SHA-512:7F710E55B83647AF5E3BD257B663CEF89947EB5EF23AED487ABEDD81D037D1223D47A4E66BDD2CEBC2C25CDD93B8352AC7C3B50529E5F26D3B023AFCF98AFC54
                                                Malicious:false
                                                Reputation:low
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2693
                                                Entropy (8bit):4.006033335466465
                                                Encrypted:false
                                                SSDEEP:48:8xxdEToIsH2idAKZdA14tseh7sFiZUkmgqeh7sVy+BX:8xoXLnjy
                                                MD5:50B2B1470D38441F2D7A1879C1EED6B0
                                                SHA1:9BF92BD4EDA473CC4DD7113FF882F6F9C643F98D
                                                SHA-256:6F3F257413FD3B154C44283ACCD67D2744A28BE04A5F4ADF9908C994D123931F
                                                SHA-512:9FECE14CE6B9E01C7BAA7088839F9B06F8CC24A1B9B1F2C9B989FA68B8B2241ED3DB4E82603C11B7CCB33A6AA126D600496347312D982947FF291CC0202820CB
                                                Malicious:false
                                                Reputation:low
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 10:37:03 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2681
                                                Entropy (8bit):3.993126566417671
                                                Encrypted:false
                                                SSDEEP:48:8gdEToIzH2idAKZdA1vehDiZUkwqehLy+R:8jXRdy
                                                MD5:5FDF4D322830CD684A7383B85F3843F9
                                                SHA1:83BA35541797D0882A50306B4A288727C3518439
                                                SHA-256:5FF4F77D8A0233E8F8419720D96565818E5168441CB18571141B7AAB97140380
                                                SHA-512:60DA5B95E512481388F8D64D998EF2A4C16756D5F03C88E57B3E96987C218C79670655FC71A5024EB09E237EE99945E6606FE65DDCE4A31D4BEBDD0A901B9534
                                                Malicious:false
                                                Reputation:low
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 10:37:03 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2681
                                                Entropy (8bit):3.9807303918938985
                                                Encrypted:false
                                                SSDEEP:48:8t5ddEToIzH2idAKZdA1hehBiZUk1W1qehJy+C:8tGXx9py
                                                MD5:90A766F0F01164DB5F07E683EEE411B2
                                                SHA1:1ACA0582DB07E86FE8396C46C3EABA28F14B2E4A
                                                SHA-256:6DF8B9A82558FA90D5B770B67B231023E5E72E4A674551F74CA1AF8ED634F300
                                                SHA-512:229B20F5904516F40A496587ECBEAB324BF0E5A78BFF5297F976FE77068D13ADEC9513835BFAAA4E34B58FAD58369AC40568304E1E1B37EC9F3988CE015126FC
                                                Malicious:false
                                                Reputation:low
                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Jan 6 10:37:03 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                                Category:dropped
                                                Size (bytes):2683
                                                Entropy (8bit):3.9940030274066958
                                                Encrypted:false
                                                SSDEEP:48:8wdEToIzH2idAKZdA1duT+ehOuTbbiZUk5OjqehOuTbjy+yT+:8zXtT/TbxWOvTbjy7T
                                                MD5:272139E24132F635F449996E09C0F995
                                                SHA1:9DB6C2070FD9045FB216D47428E4FD7CF6CE99F0
                                                SHA-256:A53DAD25F7074A482825BAC13DD71891019338F52197B81F9715F10E31967AB4
                                                SHA-512:DD36FA4B4D68433C78E90A615E80CA43F8F9616B010362DFA30100E4DCBE17799C2F78FDA38ADDC866DB738DC6C3FE3105C35AEF02AEE625AD59B63239F562AE
                                                Malicious:false
                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Entropy (8bit):7.1937388262168085
                                                TrID:
                                                • Win32 Executable (generic) a (10002005/4) 98.81%
                                                • Windows ActiveX control (116523/4) 1.15%
                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                • DOS Executable Generic (2002/1) 0.02%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:HACK-GAMER.exe
                                                File size:4'721'152 bytes
                                                MD5:3c6dab4377f2d4dab30095f2d5167795
                                                SHA1:d1022085523956412718e15ecd39e9c49fc6b74e
                                                SHA256:3c92654b0f9957d8ca7f69ada68a4c79fcc1bd2baca92370dc0578434c966338
                                                SHA512:f6963c3ac7ac8ea3cbcb7ca369d39ebf4075ee7041fbc29971e4ccf052ea0c5a434df2d5b27ed3e8c745f1815b3f54c0327e8521ecc3aa8e476844788c217e13
                                                SSDEEP:98304:82PTBRfTf7DbmCz+Y1i6q0NCRTcgzA7iyiqzKrwyiqzKv:823TTPq+gzA7itqzKrwtqzKv
                                                TLSH:6B26AE10795000A3C1E3023279D9FF3DAEBDA9B4472D818B72E8B65D2D774C35E2669B
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............m...m...m.......m.......m......zm.......m.......m.......m......;l.......m...m...n.......m....C..m...m+..m.......m..Rich.m.
                                                Icon Hash:139ecc46ce9a9b17
                                                Entrypoint:0x75b000
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x65439E01 [Thu Nov 2 13:02:57 2023 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:00119ad1782cc9f2ed453c9f6b5f7a0a
                                                Instruction
                                                pushad
                                                push 0075B031h
                                                call dword ptr [005C0288h]
                                                push 0075B03Ah
                                                push eax
                                                call dword ptr [005C03D4h]
                                                lea edx, dword ptr [0075B047h]
                                                push 00000000h
                                                push 00000000h
                                                push 00000000h
                                                push edx
                                                push 00000000h
                                                push 00000000h
                                                call eax
                                                popad
                                                jmp 00007F08C49A3AD7h
                                                imul esp, dword ptr [ebp+72h], 6Eh
                                                insb
                                                xor esi, dword ptr [edx]
                                                add byte ptr [ebx+72h], al
                                                popad
                                                je 00007F08C4B95DB7h
                                                push esp
                                                push 64616572h
                                                add byte ptr [ebp+75B04D15h], cl
                                                add ah, bh
                                                call 00007F08C4B95DE4h
                                                pushad
                                                mov ebp, esp
                                                xor edx, edx
                                                mov edx, dword ptr fs:[edx+30h]
                                                mov edx, dword ptr [edx+0Ch]
                                                mov edx, dword ptr [edx+14h]
                                                xor edi, edi
                                                movzx ecx, word ptr [edx+26h]
                                                mov esi, dword ptr [edx+28h]
                                                xor eax, eax
                                                lodsb
                                                cmp al, 61h
                                                jl 00007F08C4B95D54h
                                                sub al, 20h
                                                ror edi, 0Dh
                                                add edi, eax
                                                dec ecx
                                                jne 00007F08C4B95D41h
                                                push edx
                                                push edi
                                                mov edx, dword ptr [edx+10h]
                                                mov eax, dword ptr [edx+3Ch]
                                                add eax, edx
                                                mov eax, dword ptr [eax+78h]
                                                test eax, eax
                                                je 00007F08C4B95D9Eh
                                                add eax, edx
                                                push eax
                                                mov ecx, dword ptr [eax+18h]
                                                mov ebx, dword ptr [eax+20h]
                                                add ebx, edx
                                                test ecx, ecx
                                                je 00007F08C4B95D8Eh
                                                dec ecx
                                                mov esi, dword ptr [ebx+ecx*4]
                                                add esi, edx
                                                xor edi, edi
                                                xor eax, eax
                                                ror edi, 0Dh
                                                lodsb
                                                add edi, eax
                                                cmp al, ah
                                                jne 00007F08C4B95D46h
                                                add edi, dword ptr [ebp-08h]
                                                cmp edi, dword ptr [ebp+24h]
                                                jne 00007F08C4B95D32h
                                                pop eax
                                                mov ebx, dword ptr [eax+24h]
                                                add ebx, edx
                                                mov cx, word ptr [ebx+ecx*2]
                                                mov ebx, dword ptr [eax+1Ch]
                                                add ebx, edx
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x35c000 | 0x397d | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x360000 | 0x106628 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x467000 | 0x253b0 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x35b1b0 | 0x18 | .text
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1c0000 | 0xa64 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1beaaa | 0x1bec00 | ebef743d8c7c80af00ecd717263ceec2 | False | 0.5279312176482932 | data | 6.535981982245072 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x1c0000 | 0x5f758 | 0x5f800 | d659c04ba2544d388f332a3477d198e8 | False | 0.3091663939790576 | data | 5.083496080578532 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x220000 | 0xda80 | 0x6e00 | 19b560670f54a107014a9681c9bb532a | False | 0.22819602272727274 | data | 4.751000567242447 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x22e000 | 0x106678 | 0x106800 | 7e3926d8af71ff433b8ded97b51ca528 | False | 0.6679380580357143 | data | 7.570006776949915 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x335000 | 0x253a4 | 0x25400 | ab6d23a7c8dc510765062e3f18056e03 | False | 0.4668558619966443 | data | 6.574537084275539 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.text | 0x35b000 | 0x1cc | 0x200 | 3b88d23f35104550a7362d847027bc31 | False | 0.85546875 | data | 5.899532939921387 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x35c000 | 0x397d | 0x3a00 | fb814ef8f707581b97bf6947ec15bedf | False | 0.4599272629310345 | data | 5.693919067233576 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x360000 | 0x106628 | 0x106800 | 4d2d28d8c2c0e76e3bd286382370c728 | False | 0.6678962053571429 | data | 7.568055283031553 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x467000 | 0x253b0 | 0x25400 | 4038dfe122c099bd746d3f8ea3d4451d | False | 0.46686241610738255 | data | 6.574414406123205 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x361390 | 0x1e06 | PNG image data, 148 x 52, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9712464220660942
PNG | 0x363196 | 0x2a76 | PNG image data, 148 x 52, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9804047838086477
PNG | 0x365c0c | 0x2ace | PNG image data, 148 x 52, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.98047088884833
PNG | 0x3686da | 0x2b49 | PNG image data, 148 x 52, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9808681526938002
PNG | 0x36b223 | 0x1045 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9301320528211284
PNG | 0x36c268 | 0x801 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.8687164470473402
PNG | 0x36ca69 | 0x1100 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9315257352941176
PNG | 0x36db69 | 0x10f9 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9332566168009206
PNG | 0x36ec62 | 0xe90 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9208690987124464
PNG | 0x36faf2 | 0x67f | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.8262176788935659
PNG | 0x370171 | 0xe8a | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9204728640515851
PNG | 0x370ffb | 0xe90 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9197961373390557
PNG | 0x371e8b | 0x4cf | PNG image data, 18 x 14, 8-bit/color RGB, non-interlaced | Chinese | China | 0.7497969130787977
PNG | 0x37235a | 0x552 | PNG image data, 18 x 14, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.7723935389133627
PNG | 0x3728ac | 0x488 | PNG image data, 18 x 14, 8-bit/color RGB, non-interlaced | Chinese | China | 0.7293103448275862
PNG | 0x372d34 | 0x49b | PNG image data, 18 x 14, 8-bit/color RGB, non-interlaced | Chinese | China | 0.7370653095843935
PNG | 0x3731cf | 0x72e6e | PNG image data, 705 x 527, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9972696637330603
PNG | 0x3e603d | 0x4d0 | PNG image data, 444 x 26, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.7183441558441559
PNG | 0x3e650d | 0x40b | PNG image data, 568 x 12, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.672463768115942
PNG | 0x3e6918 | 0x12eb | PNG image data, 568 x 12, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9459013008465827
PNG | 0x3e7c03 | 0x965 | PNG image data, 34 x 42, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.8848232848232849
PNG | 0x3e8568 | 0x7b3 | PNG image data, 124 x 44, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.8574327752409944
PNG | 0x3e8d1b | 0x16d8 | PNG image data, 124 x 44, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9579343365253078
PNG | 0x3ea3f3 | 0x16f7 | PNG image data, 124 x 44, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9627487667970743
PNG | 0x3ebaea | 0x174a | PNG image data, 124 x 44, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9577323045957732
PNG | 0x3ed234 | 0x7ca | PNG image data, 124 x 44, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.8635907723169508
PNG | 0x3ed9fe | 0x1081 | PNG image data, 124 x 44, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.938698224852071
PNG | 0x3eea7f | 0xf3e | PNG image data, 124 x 44, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9402870322911328
PNG | 0x3ef9bd | 0xf74 | PNG image data, 124 x 44, 8-bit/color RGBA, non-interlaced | Chinese | China | 0.9337714863498483
PROGRAM | 0x3f0931 | 0x34370 | PE32 executable (GUI) Intel 80386, for MS Windows | Chinese | China | 0.48017505797860405
RT_CURSOR | 0x424ca1 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.4805194805194805
RT_CURSOR | 0x424dd5 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | Chinese | China | 0.7
RT_CURSOR | 0x424e89 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Chinese | China | 0.36363636363636365
RT_CURSOR | 0x424fbd | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.35714285714285715
RT_CURSOR | 0x4250f1 | 0x134 | data | Chinese | China | 0.37337662337662336
RT_CURSOR | 0x425225 | 0x134 | data | Chinese | China | 0.37662337662337664
RT_CURSOR | 0x425359 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.36688311688311687
RT_CURSOR | 0x42548d | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.37662337662337664
RT_CURSOR | 0x4255c1 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.36688311688311687
RT_CURSOR | 0x4256f5 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | Chinese | China | 0.38636363636363635
RT_CURSOR | 0x425829 | 0x134 | data | Chinese | China | 0.44155844155844154
RT_CURSOR | 0x42595d | 0x134 | data | Chinese | China | 0.4155844155844156
RT_CURSOR | 0x425a91 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | Chinese | China | 0.5422077922077922
RT_CURSOR | 0x425bc5 | 0x134 | data | Chinese | China | 0.2662337662337662
RT_CURSOR | 0x425cf9 | 0x134 | data | Chinese | China | 0.2824675324675325
RT_CURSOR | 0x425e2d | 0x134 | data | Chinese | China | 0.3246753246753247
RT_BITMAP | 0x425f61 | 0x1812 | Device independent bitmap graphic, 34 x 45 x 32, image size 6122, resolution 2834 x 2834 px/m | Chinese | China | 0.11522233041220382
RT_BITMAP | 0x427773 | 0x1812 | Device independent bitmap graphic, 34 x 45 x 32, image size 6122, resolution 2834 x 2834 px/m | Chinese | China | 0.1762414800389484
RT_BITMAP | 0x428f85 | 0x1812 | Device independent bitmap graphic, 34 x 45 x 32, image size 6122, resolution 2834 x 2834 px/m | Chinese | China | 0.2059396299902629
RT_BITMAP | 0x42a797 | 0x1812 | Device independent bitmap graphic, 34 x 45 x 32, image size 6122, resolution 2834 x 2834 px/m | Chinese | China | 0.18500486854917234
RT_BITMAP | 0x42bfa9 | 0x1812 | Device independent bitmap graphic, 34 x 45 x 32, image size 6122, resolution 2834 x 2834 px/m | Chinese | China | 0.09996754300551769
RT_BITMAP | 0x42d7bb | 0x1812 | Device independent bitmap graphic, 34 x 45 x 32, image size 6122, resolution 2834 x 2834 px/m | Chinese | China | 0.17916260954235638
RT_BITMAP | 0x42efcd | 0x1812 | Device independent bitmap graphic, 34 x 45 x 32, image size 6122, resolution 2834 x 2834 px/m | Chinese | China | 0.1471924699772801
RT_BITMAP | 0x4307df | 0x1812 | Device independent bitmap graphic, 34 x 45 x 32, image size 6122, resolution 2834 x 2834 px/m | Chinese | China | 0.1296656929568322
RT_BITMAP | 0x431ff1 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | Chinese | China | 0.44565217391304346
RT_BITMAP | 0x4320a9 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | Chinese | China | 0.37962962962962965
RT_ICON | 0x4321ed | 0x11028 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | Chinese | China | 0.6349609599265128
RT_DIALOG | 0x443215 | 0x224 | data | Chinese | China | 0.5273722627737226
RT_DIALOG | 0x443439 | 0xaa | data | Chinese | China | 0.7176470588235294
RT_DIALOG | 0x4434e3 | 0xe2 | data | Chinese | China | 0.6769911504424779
RT_DIALOG | 0x4435c5 | 0x34 | data | Chinese | China | 0.8653846153846154
RT_STRING | 0x4435f9 | 0x128 | data | Chinese | China | 0.6587837837837838
RT_STRING | 0x443721 | 0x3a | data | Chinese | China | 0.7241379310344828
RT_STRING | 0x44375b | 0x4e | data | Chinese | China | 0.8461538461538461
RT_STRING | 0x4437a9 | 0x2c | data | Chinese | China | 0.5909090909090909
RT_STRING | 0x4437d5 | 0x84 | data | Chinese | China | 0.9166666666666666
RT_STRING | 0x443859 | 0x1cc | data | Chinese | China | 0.7934782608695652
RT_STRING | 0x443a25 | 0x14e | data | Chinese | China | 0.5179640718562875
RT_STRING | 0x443b73 | 0x10e | data | Chinese | China | 0.7037037037037037
RT_STRING | 0x443c81 | 0x50 | data | Chinese | China | 0.7125
RT_STRING | 0x443cd1 | 0x44 | data | Chinese | China | 0.6764705882352942
RT_STRING | 0x443d15 | 0x68 | data | Chinese | China | 0.7019230769230769
RT_STRING | 0x443d7d | 0x1b2 | data | Chinese | China | 0.6474654377880185
RT_STRING | 0x443f2f | 0xf4 | data | Chinese | China | 0.6065573770491803
RT_STRING | 0x444023 | 0x24 | data | Chinese | China | 0.4722222222222222
RT_STRING | 0x444047 | 0x1a8 | data | Chinese | China | 0.6674528301886793
RT_GROUP_CURSOR | 0x4441ef | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | Chinese | China | 1.0
RT_GROUP_CURSOR | 0x444211 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x444225 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x444239 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x44424d | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x444261 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x444275 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x444289 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x44429d | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x4442b1 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x4442c5 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x4442d9 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x4442ed | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x444301 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_CURSOR | 0x444315 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | Chinese | China | 1.3
RT_GROUP_ICON | 0x444329 | 0x14 | data | Chinese | China | 1.15
RT_VERSION | 0x44433d | 0x2cc | data | Chinese | China | 0.49441340782122906
RT_HTML | 0x444609 | 0x2106f | HTML document, ISO-8859 text, with CRLF, CR line terminators | Chinese | China | 0.1543698578493336
RT_MANIFEST | 0x465678 | 0x957 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (2331), with CRLF line terminators | English | United States | 0.30363864491844417
RT_MANIFEST | 0x465fcf | 0x5af | XML 1.0 document, ASCII text | Chinese | China | 0.43848797250859106
None | 0x46657e | 0xaa | data | Chinese | China | 0.40588235294117647
                                                DLLImport
                                                gdiplus.dllGdipGetImagePaletteSize, GdipBitmapLockBits, GdipBitmapUnlockBits, GdipDrawImageI, GdipCreateBitmapFromScan0, GdipDrawImageRectI, GdipDrawCachedBitmap, GdipCreateCachedBitmap, GdipDeleteCachedBitmap, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromHBITMAP, GdipReleaseDC, GdipSetTextRenderingHint, GdipSetInterpolationMode, GdipGetImagePalette, GdipSetPixelOffsetMode, GdipSetCompositingQuality, GdipSetCompositingMode, GdipDeleteGraphics, GdipCreateFromHDC, GdipDrawString, GdipSetStringFormatAlign, GdipDeleteStringFormat, GdipCreateStringFormat, GdipCloneBrush, GdipGetImagePixelFormat, GdipGetImageGraphicsContext, GdiplusStartup, GdiplusShutdown, GdipDeleteBrush, GdipCreateSolidFill, GdipCreateFont, GdipAlloc, GdipDeleteFontFamily, GdipCreateFontFamilyFromName, GdipFree, GdipDrawImageRectRectI, GdipGetImageHeight, GdipGetImageWidth, GdipSetSmoothingMode
                                                KERNEL32.dllGetPrivateProfileIntW, InitializeCriticalSection, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GlobalReAlloc, GlobalHandle, LocalReAlloc, GlobalGetAtomNameW, GetFileAttributesExW, FlushFileBuffers, GetFullPathNameW, GetVolumeInformationW, LockFile, SetEndOfFile, UnlockFile, DuplicateHandle, GetCurrentThread, GetLocaleInfoW, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GlobalFlags, VirtualProtect, GetCurrentDirectoryW, FindResourceExW, GetWindowsDirectoryW, GetTickCount64, VerSetConditionMask, VerifyVersionInfoW, GetProfileIntW, SearchPathW, GetUserDefaultLCID, WaitForSingleObjectEx, UnhandledExceptionFilter, IsProcessorFeaturePresent, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetThreadLocale, CompareStringW, GlobalFindAtomW, GlobalAddAtomW, lstrcmpW, GlobalDeleteAtom, LoadLibraryA, GetSystemDirectoryW, EncodePointer, LocalAlloc, LoadLibraryExW, GetModuleHandleA, OutputDebugStringA, SetLastError, MulDiv, LocalFree, GlobalSize, GetTickCount, SetEnvironmentVariableW, SetCurrentDirectoryW, GetCommandLineW, ExitProcess, GetVersion, GetFileSize, GlobalUnlock, GlobalLock, GlobalAlloc, QueryPerformanceCounter, QueryPerformanceFrequency, ResumeThread, GlobalFree, WritePrivateProfileStringW, GetPrivateProfileStringW, SystemTimeToTzSpecificLocalTime, GetTempFileNameW, GetTempPathW, GetFileSizeEx, ReadFile, MultiByteToWideChar, FindResourceW, LoadResource, LockResource, SizeofResource, SetEvent, ResetEvent, CreateEventW, WideCharToMultiByte, MoveFileExW, GetLocalTime, GetEnvironmentVariableW, InitializeCriticalSectionAndSpinCount, GetModuleHandleW, FormatMessageW, GetSystemInfo, SetUnhandledExceptionFilter, VirtualQuery, lstrcpyW, FreeLibrary, GetCurrentProcessId, FileTimeToLocalFileTime, CreateThread, FileTimeToSystemTime, OutputDebugStringW, GetCurrentThreadId, SetErrorMode, WriteFile, GetCurrentProcess, GetExitCodeProcess, CreateProcessW, K32EnumProcesses, Sleep, OpenProcess, 
WaitForSingleObject, K32GetModuleFileNameExW, TerminateProcess, GetFileTime, GetSystemTimeAsFileTime, CopyFileW, DeleteFileW, GetDiskFreeSpaceExW, SetFileAttributesW, GetFileAttributesW, CreateFileW, FindClose, SetFilePointer, GetModuleFileNameW, FindNextFileW, FindFirstFileW, CreateDirectoryW, GetProcAddress, LoadLibraryW, GetVersionExW, OpenMutexW, GetProcessHeap, DeleteCriticalSection, DecodePointer, HeapAlloc, CloseHandle, HeapReAlloc, GetLastError, HeapSize, InitializeCriticalSectionEx, CreateMutexW, LeaveCriticalSection, EnterCriticalSection, HeapFree, SetThreadPriority, lstrcmpA, RaiseException, GetStringTypeW, GetLocaleInfoEx, LCMapStringEx, CompareStringEx, GetCPInfo, RtlUnwind, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, GetCommandLineA, SetStdHandle, GetFileType, HeapQueryInformation, VirtualAlloc, GetStdHandle, GetConsoleMode, ReadConsoleW, GetConsoleOutputCP, GetDateFormatW, GetTimeFormatW, LCMapStringW, IsValidLocale, EnumSystemLocalesW, SetFilePointerEx, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, lstrcmpiW, WriteConsoleW
                                                USER32.dllCreateMenu, GetWindowRgn, DestroyCursor, LoadAcceleratorsW, FrameRect, CopyIcon, SetCursorPos, BringWindowToTop, GetSystemMenu, IsZoomed, DrawFrameControl, DrawEdge, SetParent, SetWindowRgn, SetClassLongW, DrawStateW, EmptyClipboard, SetClipboardData, CloseClipboard, OpenClipboard, EnumDisplayMonitors, NotifyWinEvent, InvertRect, HideCaret, EnableScrollBar, GetIconInfo, DrawIconEx, DrawFocusRect, RegisterClipboardFormatW, GetMenuDefaultItem, CreatePopupMenu, MessageBeep, GetNextDlgGroupItem, DeleteMenu, WindowFromPoint, WaitMessage, LoadImageW, DestroyIcon, IsRectEmpty, SetRect, InvalidateRgn, CopyAcceleratorTableW, ReleaseCapture, SetCapture, IntersectRect, GetAsyncKeyState, RealChildWindowFromPoint, CopyImage, InflateRect, GetMenuItemInfoW, DestroyMenu, CharUpperW, LoadCursorW, GetSysColorBrush, SetCursor, ShowOwnedPopups, GetCursorPos, TranslateMessage, GetMessageW, MapDialogRect, SetWindowContextHelpId, PostQuitMessage, SetRectEmpty, SendDlgItemMessageA, GetWindowThreadProcessId, FillRect, ClientToScreen, GetWindowDC, TabbedTextOutW, GrayStringW, DrawTextExW, DrawTextW, OffsetRect, MapVirtualKeyW, GetKeyNameTextW, GetActiveWindow, GetNextDlgTabItem, EndDialog, CreateDialogIndirectParamW, SetMenuItemInfoW, SetMenuItemBitmaps, EnableMenuItem, CheckMenuItem, IsDialogMessageW, SetWindowTextW, IsWindowEnabled, CheckDlgButton, ShowWindow, GetMonitorInfoW, WinHelpW, GetScrollInfo, SetScrollInfo, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExW, GetLastActivePopup, GetTopWindow, GetClassNameW, GetClassLongW, EqualRect, CopyRect, GetSysColor, ScreenToClient, AdjustWindowRectEx, GetWindowTextLengthW, GetWindowTextW, RemovePropW, GetPropW, SetPropW, ShowScrollBar, GetScrollRange, SetScrollRange, GetScrollPos, SetScrollPos, ScrollWindow, RedrawWindow, ValidateRect, EndPaint, BeginPaint, SetForegroundWindow, GetForegroundWindow, SetActiveWindow, UpdateWindow, TrackPopupMenu, SetMenu, GetMenu, GetCapture, 
GetKeyState, GetFocus, SetFocus, GetDlgCtrlID, GetDlgItem, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, GetWindowPlacement, DestroyWindow, IsChild, IsMenu, SubtractRect, IsWindow, CreateWindowExW, GetClassInfoExW, GetClassInfoW, RegisterClassW, CallWindowProcW, DefWindowProcW, PostMessageW, GetMessageTime, GetMessagePos, PeekMessageW, DispatchMessageW, GetParent, LoadMenuW, RemoveMenu, TranslateMDISysAccel, DefMDIChildProcW, DefFrameProcW, DrawMenuBar, GetUpdateRect, IsClipboardFormatAvailable, CharUpperBuffW, ModifyMenuW, GetDoubleClickTime, SetMenuDefaultItem, LockWindowUpdate, DestroyAcceleratorTable, CreateAcceleratorTableW, GetKeyboardState, ToUnicodeEx, AppendMenuW, InsertMenuW, MapVirtualKeyExW, IsCharLowerW, GetKeyboardLayout, GetComboBoxInfo, MonitorFromPoint, UnionRect, PostThreadMessageW, UnpackDDElParam, ReuseDDElParam, InsertMenuItemW, GetMenuCheckMarkDimensions, TranslateAcceleratorW, GetMenuItemCount, GetMenuItemID, GetSubMenu, GetMenuState, GetMenuStringW, DrawIcon, GetSystemMetrics, IsIconic, LoadIconW, ChangeDisplaySettingsW, RegisterWindowMessageW, LoadStringW, LoadBitmapW, SetTimer, KillTimer, UpdateLayeredWindow, SystemParametersInfoW, AdjustWindowRect, SetLayeredWindowAttributes, SendMessageW, SetWindowPos, IsWindowVisible, InvalidateRect, TrackMouseEvent, PtInRect, EnableWindow, MoveWindow, MapWindowPoints, GetWindowRect, GetWindow, GetClientRect, SetWindowLongW, GetWindowLongW, GetDC, MonitorFromWindow, GetDesktopWindow, EnumDisplaySettingsW, ReleaseDC, MessageBoxW, UnregisterClassW, CharNextW
GDI32.dll: MoveToEx, TextOutW, ExtTextOutW, SetMapMode, SetViewportExtEx, SetViewportOrgEx, SetWindowExtEx, SetWindowOrgEx, OffsetViewportOrgEx, OffsetWindowOrgEx, ScaleViewportExtEx, ScaleWindowExtEx, CreateFontIndirectW, GetTextExtentPoint32W, GetTextMetricsW, CombineRgn, GetMapMode, SetRectRgn, DPtoLP, GetRgnBox, EnumFontFamiliesExW, CreatePalette, GetNearestPaletteIndex, GetPaletteEntries, GetSystemPaletteEntries, RealizePalette, CreateCompatibleBitmap, CreateDIBitmap, EnumFontFamiliesW, GetTextCharsetInfo, SetPixel, StretchBlt, SetDIBColorTable, CreateEllipticRgn, Ellipse, CreatePolygonRgn, Polyline, CreateRoundRectRgn, LPtoDP, Rectangle, OffsetRgn, RoundRect, FillRgn, FrameRgn, GetBoundsRect, PtInRegion, ExtFloodFill, SetPaletteEntries, SetPixelV, GetWindowOrgEx, GetViewportOrgEx, GetTextFaceW, SetBkMode, SelectPalette, ExtSelectClipRgn, SelectClipRgn, SetTextAlign, SetROP2, Polygon, GetLayout, SaveDC, RestoreDC, RectVisible, PtVisible, LineTo, IntersectClipRect, GetWindowExtEx, GetViewportExtEx, GetPixel, GetObjectType, GetClipBox, ExcludeClipRect, Escape, CreateRectRgn, CreatePatternBrush, CreatePen, CreateHatchBrush, BitBlt, GetTextColor, GetStockObject, GetBkColor, PatBlt, CreateRectRgnIndirect, CreateBitmap, GetObjectW, SetTextColor, SetBkColor, CreateDCW, CopyMetaFileW, SelectObject, CreateCompatibleDC, CreateDIBSection, DeleteObject, CreateSolidBrush, SetLayout, GetDeviceCaps, DeleteDC, SetPolyFillMode
MSIMG32.dll: TransparentBlt, AlphaBlend
WINSPOOL.DRV: ClosePrinter, OpenPrinterW, DocumentPropertiesW
ADVAPI32.dll: RegDeleteValueW, RegQueryValueExW, RegEnumKeyExW, RegEnumValueW, RegQueryValueW, RegEnumKeyW, RegOpenKeyExW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, RegCloseKey
SHELL32.dll: ShellExecuteW, SHBrowseForFolderW, SHGetPathFromIDListW, SHGetSpecialFolderLocation, SHGetMalloc, SHGetDesktopFolder, SHAppBarMessage, DragFinish, DragQueryFileW, SHGetFileInfoW
COMCTL32.dll: InitCommonControlsEx
SHLWAPI.dll: PathFindExtensionW, PathFindFileNameW, PathIsUNCW, PathStripToRootW, StrFormatKBSizeW, PathRemoveFileSpecW
UxTheme.dll: GetThemePartSize, GetThemeSysColor, IsAppThemed, GetWindowTheme, IsThemeBackgroundPartiallyTransparent, GetCurrentThemeName, GetThemeColor, DrawThemeBackground, CloseThemeData, OpenThemeData, DrawThemeParentBackground, DrawThemeText
ole32.dll: CreateStreamOnHGlobal, CoInitializeEx, CoUninitialize, CoTaskMemFree, CoCreateInstance, CoTaskMemAlloc, OleDuplicateData, ReleaseStgMedium, CoCreateGuid, CLSIDFromString, CLSIDFromProgID, CoInitialize, CoDisconnectObject, CoGetClassObject, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CreateILockBytesOnHGlobal, CoFreeUnusedLibraries, OleInitialize, OleUninitialize, OleFlushClipboard, CoRevokeClassObject, IsAccelerator, OleTranslateAccelerator, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, OleLockRunning, RevokeDragDrop, RegisterDragDrop, CoLockObjectExternal, OleGetClipboard, DoDragDrop, CoRegisterMessageFilter, OleIsCurrentClipboard
OLEAUT32.dll: VarBstrFromDate, VariantCopy, SafeArrayDestroy, VariantTimeToSystemTime, SystemTimeToVariantTime, SysStringLen, LoadTypeLib, OleCreateFontIndirect, VariantChangeType, VariantClear, SysAllocStringLen, SysFreeString, SysAllocString, VariantInit
oledlg.dll: OleUIBusyW
OLEACC.dll: AccessibleObjectFromWindow, LresultFromObject, CreateStdAccessibleObject
IMM32.dll: ImmGetContext, ImmReleaseContext, ImmGetOpenStatus
WINMM.dll: PlaySoundW
Language of compilation system | Country where language is spoken | Map
Chinese | China
English | United States

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-06T12:36:56.743220+0100 | 2025644 | ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server) | 1 | 167.99.38.229 | 19348 | 192.168.2.5 | 49704 | TCP
                                                Jan 6, 2025 12:36:58.126873016 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.126883030 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.126893997 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.126910925 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.126945972 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.203144073 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203162909 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203174114 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203197002 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203207970 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203244925 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.203298092 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.203334093 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203344107 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203353882 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203370094 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.203398943 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.203423977 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203434944 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203463078 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.203908920 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203917980 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203927040 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203967094 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.203979015 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203988075 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.203996897 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.204006910 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.204015017 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.204030037 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.204690933 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.204699993 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.204709053 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.204729080 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.204751968 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.204807043 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.204817057 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.204827070 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.204853058 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.204859018 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.204898119 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.205558062 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.205566883 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.205605030 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.280191898 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.280217886 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.280225992 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.280296087 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.280306101 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.280314922 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.280320883 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.280360937 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.280369043 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.280421972 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.280431032 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.280463934 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.280483007 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.280493975 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.280538082 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.281219959 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.281229019 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.281269073 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.281357050 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.281367064 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.281378031 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.281394958 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.281419039 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.281429052 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.281439066 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.281447887 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.281469107 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.281917095 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.281925917 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.281939983 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.281959057 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.281981945 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.282046080 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.282056093 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.282064915 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.282084942 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.282140017 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.282150984 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.282181025 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.282684088 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.282701015 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.282710075 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.282725096 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.282757044 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.282777071 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.282849073 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.282857895 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.282866955 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.282891035 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.282911062 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.282937050 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.282947063 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.282988071 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.283826113 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.283834934 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.283844948 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.283854008 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.283863068 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.283864975 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.283871889 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.283881903 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.283888102 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.283891916 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.283902884 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.283917904 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.283946037 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.284631968 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.284641981 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.284651995 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.284662008 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.284683943 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.284709930 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.289784908 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.289848089 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.357413054 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.357448101 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.357460976 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.357474089 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.357491970 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.357505083 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.357526064 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.357539892 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.357557058 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.357578993 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.357599974 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.357635975 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.357647896 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.357696056 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.357697964 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.357707977 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.357748985 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.358023882 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358036041 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358047009 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358078003 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358081102 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.358088970 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358099937 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358110905 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358120918 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.358133078 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.358186007 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358196974 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358234882 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.358607054 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358618975 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358629942 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358654022 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.358669996 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358675003 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.358681917 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358691931 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358704090 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358712912 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.358747005 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.358840942 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358851910 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358863115 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358872890 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.358886957 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.358925104 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.359209061 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.359273911 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.359285116 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.359329939 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.359357119 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.359369040 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.359379053 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.359390020 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.359400988 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.359422922 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.359555960 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.359566927 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.359577894 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.359589100 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.359600067 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.359602928 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.359608889 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.359641075 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.359673023 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.359683990 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.359720945 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.360219955 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.360232115 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.360244036 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.360284090 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.360337973 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.360349894 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.360359907 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.360372066 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.360379934 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.360404015 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.360430002 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.360441923 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.360451937 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.360462904 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.360471964 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.360481024 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.360503912 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.360512972 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.366993904 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.409497023 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.425187111 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.429989100 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.430308104 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.784816980 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:58.831403017 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.852658987 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:58.857475042 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:59.135788918 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:59.190749884 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:59.191849947 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:59.196620941 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:59.473123074 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:59.518949986 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:59.535038948 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:59.540021896 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:59.814203024 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:36:59.862660885 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:59.862821102 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:36:59.867710114 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:37:00.152400970 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:37:00.206435919 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:37:00.206597090 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:37:00.211416960 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:37:00.211488008 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:37:00.565299988 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:37:00.612612963 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:37:00.665589094 CET4970419348192.168.2.5167.99.38.229
                                                Jan 6, 2025 12:37:00.670490026 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:37:01.125266075 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:37:01.125296116 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:37:01.125305891 CET1934849704167.99.38.229192.168.2.5
                                                Jan 6, 2025 12:37:01.125317097 CET1934849704167.99.38.229192.168.2.5
                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                Jan 6, 2025 12:37:02.478837967 CET | 192.168.2.5 | 1.1.1.1 | 0xac1e | Standard query (0) | blood-strike.com | A (IP address) | IN (0x0001) | false
                                                Jan 6, 2025 12:37:02.478837967 CET | 192.168.2.5 | 1.1.1.1 | 0x2358 | Standard query (0) | blood-strike.com | 65 | IN (0x0001) | false
                                                Jan 6, 2025 12:37:02.603580952 CET | 192.168.2.5 | 1.1.1.1 | 0xa70c | Standard query (0) | blood-strike.com | A (IP address) | IN (0x0001) | false
                                                Jan 6, 2025 12:37:02.696496964 CET | 192.168.2.5 | 8.8.8.8 | 0x2dd | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                                                Jan 6, 2025 12:37:02.696935892 CET | 192.168.2.5 | 1.1.1.1 | 0xbde4 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
                                                Jan 6, 2025 12:37:03.843064070 CET | 192.168.2.5 | 1.1.1.1 | 0x32b8 | Standard query (0) | blood-strike.com | A (IP address) | IN (0x0001) | false
                                                Jan 6, 2025 12:37:03.843816042 CET | 192.168.2.5 | 1.1.1.1 | 0x94dd | Standard query (0) | blood-strike.com | 65 | IN (0x0001) | false
                                                Jan 6, 2025 12:37:06.972354889 CET | 192.168.2.5 | 1.1.1.1 | 0x66b | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                                Jan 6, 2025 12:37:06.972486019 CET | 192.168.2.5 | 1.1.1.1 | 0x64f8 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                                Jan 6, 2025 12:37:09.280651093 CET | 192.168.2.5 | 1.1.1.1 | 0x4701 | Standard query (0) | blood-strike.com | A (IP address) | IN (0x0001) | false
                                                Jan 6, 2025 12:37:09.280941010 CET | 192.168.2.5 | 1.1.1.1 | 0xe354 | Standard query (0) | blood-strike.com | 65 | IN (0x0001) | false
                                                Jan 6, 2025 12:37:09.464975119 CET | 192.168.2.5 | 1.1.1.1 | 0xf68e | Standard query (0) | blood-strike.com | A (IP address) | IN (0x0001) | false
                                                Jan 6, 2025 12:37:39.655119896 CET | 192.168.2.5 | 1.1.1.1 | 0x19cd | Standard query (0) | blood-strike.com | A (IP address) | IN (0x0001) | false
                                                Jan 6, 2025 12:37:39.655997038 CET | 192.168.2.5 | 1.1.1.1 | 0xb42a | Standard query (0) | blood-strike.com | 65 | IN (0x0001) | false
                                                Jan 6, 2025 12:37:39.846292973 CET | 192.168.2.5 | 1.1.1.1 | 0xc917 | Standard query (0) | blood-strike.com | A (IP address) | IN (0x0001) | false
                                                Jan 6, 2025 12:37:54.706976891 CET | 192.168.2.5 | 1.1.1.1 | 0x4e8e | Standard query (0) | blood-strike.com | A (IP address) | IN (0x0001) | false
                                                Jan 6, 2025 12:38:39.868320942 CET | 192.168.2.5 | 1.1.1.1 | 0x6ba | Standard query (0) | blood-strike.com | A (IP address) | IN (0x0001) | false
                                                Jan 6, 2025 12:38:39.868505001 CET | 192.168.2.5 | 1.1.1.1 | 0x4aac | Standard query (0) | blood-strike.com | 65 | IN (0x0001) | false
                                                Jan 6, 2025 12:38:39.961744070 CET | 192.168.2.5 | 1.1.1.1 | 0x60c5 | Standard query (0) | blood-strike.com | A (IP address) | IN (0x0001) | false
                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                Jan 6, 2025 12:37:02.703561068 CET | 8.8.8.8 | 192.168.2.5 | 0x2dd | No error (0) | google.com | | 142.250.186.142 | A (IP address) | IN (0x0001) | false
                                                Jan 6, 2025 12:37:02.703886032 CET | 1.1.1.1 | 192.168.2.5 | 0xbde4 | No error (0) | google.com | | 142.250.185.174 | A (IP address) | IN (0x0001) | false
                                                Jan 6, 2025 12:37:06.979794979 CET | 1.1.1.1 | 192.168.2.5 | 0x64f8 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                                                Jan 6, 2025 12:37:06.979824066 CET | 1.1.1.1 | 192.168.2.5 | 0x66b | No error (0) | www.google.com | | 142.250.186.36 | A (IP address) | IN (0x0001) | false


                                                Target ID:0
                                                Start time:06:36:54
                                                Start date:06/01/2025
                                                Path:C:\Users\user\Desktop\HACK-GAMER.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user\Desktop\HACK-GAMER.exe"
                                                Imagebase:0x400000
                                                File size:4'721'152 bytes
                                                MD5 hash:3C6DAB4377F2D4DAB30095F2D5167795
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000000.2018490546.000000000075B000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Metasploit_4a1c4da8, Description: Identifies Metasploit 64 bit reverse tcp shellcode., Source: 00000000.00000000.2018490546.000000000075B000.00000080.00000001.01000000.00000003.sdmp, Author: unknown
                                                • Rule: Windows_Trojan_Metasploit_38b8ceec, Description: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., Source: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.2077575749.000000000075B000.00000080.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Metasploit_4a1c4da8, Description: Identifies Metasploit 64 bit reverse tcp shellcode., Source: 00000000.00000002.2077575749.000000000075B000.00000080.00000001.01000000.00000003.sdmp, Author: unknown
                                                • Rule: JoeSecurity_Meterpreter, Description: Yara detected Meterpreter, Source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Metasploit_38b8ceec, Description: Identifies the API address lookup function used by metasploit. Also used by other tools (like beacon)., Source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                • Rule: Windows_Trojan_Metasploit_7bc0f998, Description: Identifies the API address lookup function leverage by metasploit shellcode, Source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                • Rule: Windows_Trojan_Metasploit_c9773203, Description: Identifies the 64 bit API hashing function used by Metasploit. This has been re-used by many other malware families., Source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                • Rule: MALWARE_Win_Meterpreter, Description: Detects Meterpreter payload, Source: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Author: ditekSHen
                                                Reputation:low
                                                Has exited:true

                                                Target ID:2
                                                Start time:06:37:00
                                                Start date:06/01/2025
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://blood-strike.com/
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false

                                                Target ID:4
                                                Start time:06:37:01
                                                Start date:06/01/2025
                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                Wow64 process (32bit):false
                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 --field-trial-handle=2272,i,13844341092092372292,10383274001223032327,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                Imagebase:0x7ff715980000
                                                File size:3'242'272 bytes
                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high
                                                Has exited:false


                                                  Execution Graph

                                                  Execution Coverage:1.7%
                                                  Dynamic/Decrypted Code Coverage:98.9%
                                                  Signature Coverage:16.1%
                                                  Total number of Nodes:991
                                                  Total number of Limit Nodes:14
62499->62500 62665 28d80c1 62 API calls ___DllMainCRTStartup 62499->62665 62500->62412 62502 28d6971 62500->62502 62666 28d4bd3 62502->62666 62504 28d6978 62674 28d11d7 62504->62674 62509 28e00b0 _malloc 59 API calls 62511 28d6995 _memset 62509->62511 62510 28d69c5 62513 28d805c 62510->62513 62511->62510 62681 28d4db9 61 API calls 2 library calls 62511->62681 62514 28d808e 62513->62514 62515 28d8065 62514->62515 62517 28d8094 ___DllMainCRTStartup 62514->62517 62515->62514 62698 28d50fc 62515->62698 62704 28d6805 78 API calls 4 library calls 62515->62704 62517->62427 62520 28e012b 62519->62520 62525 28e00bc 62519->62525 62711 28e44f5 DecodePointer 62520->62711 62522 28e0131 62712 28e4484 59 API calls __getptd_noexit 62522->62712 62523 28e00c7 62523->62525 62705 28e4913 59 API calls 2 library calls 62523->62705 62706 28e4970 59 API calls 6 library calls 62523->62706 62707 28e455c GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 62523->62707 62525->62523 62527 28e00ef RtlAllocateHeap 62525->62527 62530 28e0117 62525->62530 62534 28e0115 62525->62534 62708 28e44f5 DecodePointer 62525->62708 62527->62525 62529 28d7e18 62527->62529 62536 28e3478 62529->62536 62709 28e4484 59 API calls __getptd_noexit 62530->62709 62710 28e4484 59 API calls __getptd_noexit 62534->62710 62537 28e3487 62536->62537 62546 28e3483 _memmove 62536->62546 62538 28e348e 62537->62538 62539 28e34a1 _memset 62537->62539 62713 28e4484 59 API calls __getptd_noexit 62538->62713 62543 28e34cf 62539->62543 62544 28e34d8 62539->62544 62539->62546 62541 28e3493 62714 28e54e1 9 API calls __wctomb_s_l 62541->62714 62715 28e4484 59 API calls __getptd_noexit 62543->62715 62544->62546 62716 28e4484 59 API calls __getptd_noexit 62544->62716 62546->62431 62547 28e34d4 62717 28e54e1 9 API calls __wctomb_s_l 62547->62717 62551 28d6da9 62550->62551 62552 28d6da4 62550->62552 62553 28d4bd3 ___DllMainCRTStartup 63 API calls 62551->62553 62552->62412 62552->62436 62553->62552 62555 28d7ffd LoadLibraryA 
62554->62555 62556 28d802a GetCurrentProcessId ProcessIdToSessionId 62554->62556 62558 28d800e GetProcAddress 62555->62558 62559 28d8021 62555->62559 62557 28d8049 62556->62557 62560 28d804d FreeLibrary 62557->62560 62561 28d7e6b GetProcessWindowStation GetUserObjectInformationA 62557->62561 62558->62559 62559->62556 62559->62557 62560->62561 62562 28e0b7b 62561->62562 62563 28e0b88 __shift 62562->62563 62564 28e0b84 62562->62564 62565 28e00b0 _malloc 59 API calls 62563->62565 62564->62440 62566 28e0b9b 62565->62566 62567 28e0bb4 62566->62567 62718 28e551c 59 API calls 2 library calls 62566->62718 62567->62440 62569 28e0bad 62569->62567 62719 28e54f1 8 API calls 2 library calls 62569->62719 62571 28e0bca 62573 28d5466 ___DllMainCRTStartup 2 API calls 62572->62573 62574 28d9166 62573->62574 62578 28d5466 GetSystemTime SystemTimeToFileTime ___DllMainCRTStartup 62574->62578 62580 28d91de 62574->62580 62720 28da627 62574->62720 62723 28d8ead 62574->62723 62728 28d8f17 62574->62728 62763 28d1136 62574->62763 62578->62574 62580->62454 62581->62451 62582->62454 62583->62450 62584->62417 62585->62420 62586->62426 62592 28e6189 GetLastError 62587->62592 62589 28e6177 62590 28d7d64 62589->62590 62606 28e467f 59 API calls 3 library calls 62589->62606 62590->62463 62607 28e9162 62592->62607 62594 28e619e 62595 28e61ec SetLastError 62594->62595 62610 28e94d5 59 API calls 2 library calls 62594->62610 62595->62589 62597 28e61b1 62597->62595 62611 28e9181 TlsSetValue 62597->62611 62599 28e61c5 62600 28e61cb 62599->62600 62601 28e61e3 62599->62601 62612 28e61f8 59 API calls 4 library calls 62600->62612 62613 28e0078 62601->62613 62604 28e61e9 62604->62595 62605 28e61d3 GetCurrentThreadId 62605->62595 62608 28e9179 TlsGetValue 62607->62608 62609 28e9175 62607->62609 62608->62594 62609->62594 62610->62597 62611->62599 62612->62605 62614 28e0081 RtlFreeHeap 62613->62614 62618 28e00aa _free 62613->62618 62615 28e0096 62614->62615 62614->62618 62619 28e4484 59 API calls __getptd_noexit 
62615->62619 62617 28e009c GetLastError 62617->62618 62618->62604 62619->62617 62621 28e00b0 _malloc 59 API calls 62620->62621 62622 28da5af _memset 62621->62622 62623 28da5b6 62622->62623 62624 28da5c6 CreateEventW 62622->62624 62623->62470 62625 28da5da 62624->62625 62626 28da5e3 62624->62626 62627 28e0078 _free 59 API calls 62625->62627 62626->62470 62627->62623 62650 28e5242 62628->62650 62631 28d65b9 62635 28da52b 62631->62635 62633 28e093c 62633->62631 62659 28e4484 59 API calls __getptd_noexit 62633->62659 62636 28e00b0 _malloc 59 API calls 62635->62636 62637 28da533 _memset 62636->62637 62638 28d65c2 62637->62638 62639 28da546 CreateMutexW 62637->62639 62638->62481 62638->62482 62639->62638 62640->62490 62641->62494 62643 28da564 62642->62643 62647 28da579 62642->62647 62662 28da593 62643->62662 62646 28e0078 _free 59 API calls 62646->62647 62647->62483 62648->62486 62649->62489 62651 28e524d 62650->62651 62656 28e5268 62650->62656 62652 28e5259 62651->62652 62651->62656 62660 28e4484 59 API calls __getptd_noexit 62652->62660 62654 28e5278 RtlAllocateHeap 62655 28e0929 62654->62655 62654->62656 62655->62631 62658 28e4484 59 API calls __getptd_noexit 62655->62658 62656->62654 62656->62655 62661 28e44f5 DecodePointer 62656->62661 62658->62633 62659->62631 62660->62655 62661->62656 62663 28da59d ReleaseMutex 62662->62663 62664 28da56a CloseHandle 62662->62664 62663->62664 62664->62646 62665->62499 62667 28e00b0 _malloc 59 API calls 62666->62667 62668 28d4bdb 62667->62668 62669 28d4c03 62668->62669 62670 28da52b ___DllMainCRTStartup 60 API calls 62668->62670 62669->62504 62671 28d4bf1 62670->62671 62671->62669 62682 28d4c07 62671->62682 62675 28d1000 ___DllMainCRTStartup 59 API calls 62674->62675 62676 28d11e1 62675->62676 62677 28d1000 62676->62677 62678 28d100e 62677->62678 62679 28d1025 62677->62679 62678->62679 62697 28d1052 59 API calls 2 library calls 62678->62697 62679->62509 62681->62510 62683 28d4c12 62682->62683 62693 28d4bfe 62682->62693 62694 
28da57d 62683->62694 62685 28d4c1a 62687 28e0078 _free 59 API calls 62685->62687 62690 28d4c38 62685->62690 62686 28da593 ___DllMainCRTStartup ReleaseMutex 62688 28d4c45 62686->62688 62687->62685 62689 28da559 ___DllMainCRTStartup 61 API calls 62688->62689 62691 28d4c4d 62689->62691 62690->62686 62692 28e0078 _free 59 API calls 62691->62692 62692->62693 62693->62504 62695 28da587 WaitForSingleObject 62694->62695 62696 28da591 62694->62696 62695->62696 62696->62685 62697->62678 62699 28d5108 ___DllMainCRTStartup 62698->62699 62700 28d5176 ___DllMainCRTStartup 62699->62700 62701 28d5131 VirtualProtect 62699->62701 62700->62515 62701->62700 62703 28d514a VirtualProtect 62701->62703 62703->62700 62704->62515 62705->62523 62706->62523 62708->62525 62709->62534 62710->62529 62711->62522 62712->62529 62713->62541 62714->62546 62715->62547 62716->62547 62717->62546 62718->62569 62719->62571 62721 28da631 62720->62721 62722 28da633 WaitForSingleObject 62720->62722 62721->62574 62722->62574 62724 28da57d ___DllMainCRTStartup WaitForSingleObject 62723->62724 62725 28d8ec9 select 62724->62725 62726 28da593 ___DllMainCRTStartup ReleaseMutex 62725->62726 62727 28d8f0e 62726->62727 62727->62574 62729 28d8f24 __write_nolock 62728->62729 62730 28da57d ___DllMainCRTStartup WaitForSingleObject 62729->62730 62731 28d8f57 62730->62731 62732 28d8f5f recv 62731->62732 62733 28d8f91 62731->62733 62732->62731 62734 28d9043 62732->62734 62735 28d911c GetLastError 62733->62735 62739 28d8fa0 62733->62739 62748 28d8ffe _memmove 62733->62748 62734->62735 62736 28d9116 SetLastError 62734->62736 62737 28d912e 62735->62737 62738 28d9128 62735->62738 62736->62735 62740 28da593 ___DllMainCRTStartup ReleaseMutex 62737->62740 62741 28e0078 _free 59 API calls 62738->62741 62743 28d8ff1 SetLastError 62739->62743 62744 28d8fb0 recv 62739->62744 62742 28d913a 62740->62742 62741->62737 62742->62574 62747 28d90fe 62743->62747 62745 28d8ffa 62744->62745 62746 28d8fd5 GetLastError 62744->62746 62745->62739 
62746->62739 62749 28d8fe2 SetLastError 62746->62749 62747->62735 62750 28d901c htonl 62748->62750 62749->62735 62749->62743 62751 28e00b0 _malloc 59 API calls 62750->62751 62752 28d903c 62751->62752 62752->62734 62753 28e3478 _memcpy_s 59 API calls 62752->62753 62756 28d9058 62753->62756 62754 28d9065 recv 62755 28d907e GetLastError 62754->62755 62754->62756 62755->62734 62755->62756 62756->62754 62757 28d90a8 _memcmp 62756->62757 62757->62735 62758 28d9105 62757->62758 62760 28d90d6 62757->62760 62785 28d5c13 62758->62785 62760->62735 62808 28d62d0 312 API calls 62760->62808 62762 28d90f2 SetLastError 62762->62747 62832 28d3def 62763->62832 62765 28d114c 62766 28d1191 62765->62766 62767 28d1161 62765->62767 62783 28d1179 62765->62783 62835 28d1212 62766->62835 62855 28d384b 62767->62855 62772 28d11c1 62879 28d137a 62772->62879 62773 28d116c 62869 28d3a39 htonl 62773->62869 62774 28d117b 62872 28d3f4b 62774->62872 62775 28d11a2 62838 28da70f 62775->62838 62780 28d1186 62782 28d38f9 62 API calls 62780->62782 62782->62783 62783->62574 62786 28d5c33 62785->62786 62787 28e0911 _calloc 59 API calls 62786->62787 62788 28d5c3c 62787->62788 62789 28d5c4d htonl 62788->62789 62804 28d5c45 62788->62804 62790 28d5d18 htonl 62789->62790 62791 28d5c64 62789->62791 62792 28e00b0 _malloc 59 API calls 62790->62792 62791->62790 62796 28d5c75 htonl CryptDuplicateKey 62791->62796 62795 28d5d3c 62792->62795 62793 28d5d7c 62793->62734 62794 28d5d73 CryptDestroyKey 62794->62793 62799 28e3478 _memcpy_s 59 API calls 62795->62799 62801 28d5d46 62795->62801 62797 28d5c9d GetLastError 62796->62797 62798 28d5caa CryptSetKeyParam 62796->62798 62797->62801 62798->62797 62800 28d5cc5 CryptSetKeyParam 62798->62800 62799->62801 62800->62797 62803 28d5cd9 CryptDecrypt 62800->62803 62801->62804 62810 28d38f9 62801->62810 62803->62797 62805 28d5cf2 62803->62805 62804->62793 62804->62794 62809 28e34f7 59 API calls 3 library calls 62805->62809 62807 28d5d05 htonl 62807->62790 62808->62762 62809->62807 
62812 28d3904 _memset 62810->62812 62818 28d397e 62810->62818 62814 28e0078 _free 59 API calls 62812->62814 62816 28d391f 62812->62816 62813 28d396c _memset 62815 28e0078 _free 59 API calls 62813->62815 62814->62816 62815->62818 62816->62813 62823 28d4e16 62816->62823 62817 28d3964 62819 28d4c07 ___DllMainCRTStartup 62 API calls 62817->62819 62818->62804 62819->62813 62820 28e0078 59 API calls _free 62821 28d3931 _memset 62820->62821 62821->62817 62821->62820 62822 28d4e16 ___DllMainCRTStartup 61 API calls 62821->62822 62822->62821 62824 28d4e28 62823->62824 62830 28d4e24 62823->62830 62825 28da57d ___DllMainCRTStartup WaitForSingleObject 62824->62825 62826 28d4e30 62825->62826 62827 28d4e42 62826->62827 62831 28d4ee1 59 API calls _free 62826->62831 62829 28da593 ___DllMainCRTStartup ReleaseMutex 62827->62829 62829->62830 62830->62821 62831->62827 62902 28d3d0c 62832->62902 62913 28d3c70 htonl 62835->62913 62837 28d1197 62837->62772 62837->62775 62839 28da71e 62838->62839 62848 28d11b1 62838->62848 62840 28e00b0 _malloc 59 API calls 62839->62840 62841 28da726 _memset 62840->62841 62842 28da5a7 ___DllMainCRTStartup 60 API calls 62841->62842 62841->62848 62843 28da73f 62842->62843 62844 28da74e CreateThread 62843->62844 62845 28da747 62843->62845 62847 28da77c 62844->62847 62844->62848 62918 28da854 62844->62918 62846 28e0078 _free 59 API calls 62845->62846 62846->62848 62914 28da5e7 62847->62914 62848->62783 62852 28da7b8 62848->62852 62851 28e0078 _free 59 API calls 62851->62848 62853 28da7c4 ResumeThread 62852->62853 62854 28da7c2 62852->62854 62853->62783 62854->62783 62949 28d3c70 htonl 62855->62949 62857 28d385d 62858 28d3def 69 API calls 62857->62858 62859 28d3876 62858->62859 62860 28d1166 62859->62860 62950 28d37e4 77 API calls 3 library calls 62859->62950 62860->62773 62860->62774 62862 28d3883 62862->62860 62951 28d3ca9 62862->62951 62864 28d389b 62865 28d38bd 62864->62865 62866 28d38a2 62864->62866 62868 28d38f9 62 API calls 62865->62868 62954 28d39af 71 
API calls 2 library calls 62866->62954 62868->62860 62955 28d3b9c 62869->62955 62873 28d3f54 62872->62873 62874 28d3f76 62872->62874 62875 28d3a39 ___DllMainCRTStartup 72 API calls 62873->62875 62874->62780 62876 28d3f64 62875->62876 62972 28d3f7b 62876->62972 62880 28d1386 ___DllMainCRTStartup 62879->62880 62881 28d139c ImpersonateLoggedOnUser 62880->62881 62882 28d13a3 62880->62882 62881->62882 63057 28d1245 62882->63057 62885 28d143f 62887 28d1462 ___DllMainCRTStartup 62885->62887 62889 28d38f9 62 API calls 62885->62889 62887->62783 62888 28d13c0 62890 28d13d3 62888->62890 63063 2b534ea 62888->63063 63071 28d6666 62888->63071 63082 2b5c6a2 62888->63082 63088 2b55d6c 62888->63088 63109 28d5f76 62888->63109 63138 28d66cb 62888->63138 63169 2b559a8 62888->63169 63175 2b5c764 62888->63175 62889->62887 62891 28d3ca9 68 API calls 62890->62891 62892 28d141a 62891->62892 62892->62885 63212 28d4115 69 API calls ___DllMainCRTStartup 62892->63212 62907 28d3c91 62902->62907 62905 28d3d28 62905->62765 62906 28d3d32 htonl 62906->62905 62910 28d3cec 62907->62910 62911 28d42b1 68 API calls 62910->62911 62912 28d3ca4 62911->62912 62912->62905 62912->62906 62913->62837 62915 28da5f6 CloseHandle 62914->62915 62916 28da5f2 62914->62916 62917 28e0078 _free 59 API calls 62915->62917 62916->62851 62917->62916 62919 28da796 ___DllMainCRTStartup 2 API calls 62918->62919 62920 28da85c 62919->62920 62922 28da52b 60 API calls 62920->62922 62924 28d12f7 62920->62924 62921 28da863 62922->62921 62925 28d1307 62924->62925 62926 28d1302 62924->62926 62925->62926 62927 28d1338 62925->62927 62928 28d4bd3 ___DllMainCRTStartup 63 API calls 62925->62928 62926->62921 62927->62926 62929 28d137a 305 API calls 62927->62929 62928->62927 62930 28d1357 62929->62930 62934 28d4d22 62930->62934 62935 28d4d2e 62934->62935 62936 28d1363 62934->62936 62935->62936 62937 28da57d ___DllMainCRTStartup WaitForSingleObject 62935->62937 62936->62926 62942 28da826 62936->62942 62938 28d4d3d 62937->62938 62939 28d4ee1 
___DllMainCRTStartup 59 API calls 62938->62939 62940 28d4d54 62939->62940 62941 28da593 ___DllMainCRTStartup ReleaseMutex 62940->62941 62941->62936 62943 28da835 62942->62943 62944 28da831 62942->62944 62945 28da5e7 60 API calls 62943->62945 62944->62926 62946 28da83d CloseHandle 62945->62946 62947 28e0078 _free 59 API calls 62946->62947 62948 28da84d 62947->62948 62948->62944 62949->62857 62950->62862 62952 28d3c91 68 API calls 62951->62952 62953 28d3cba 62952->62953 62953->62864 62954->62860 62956 28d3bbd 62955->62956 62957 28d3bcf 62955->62957 62968 28d4468 67 API calls 5 library calls 62956->62968 62958 28d3bd6 62957->62958 62959 28d3be1 62957->62959 62969 28e0ad0 62 API calls 3 library calls 62958->62969 62963 28e00b0 _malloc 59 API calls 62959->62963 62961 28d3a59 62961->62783 62964 28d3bde 62963->62964 62964->62961 62965 28d3bf3 htonl htonl 62964->62965 62970 28e0150 62965->62970 62968->62961 62969->62964 62971 28d3c28 htonl htonl 62970->62971 62971->62961 62973 28d3f8e 62972->62973 62989 28d3f71 62973->62989 62991 28d405c 62973->62991 62976 28d3b9c ___DllMainCRTStartup 71 API calls 62977 28d3fbe 62976->62977 62978 28d3ca9 68 API calls 62977->62978 62986 28d3fe8 62977->62986 62981 28d3fd6 62978->62981 62981->62986 63038 28d40bb 59 API calls 4 library calls 62981->63038 62984 28d401e 62987 28e0078 _free 59 API calls 62984->62987 62985 28d4026 62988 28d38f9 62 API calls 62985->62988 62998 28d5d85 62986->62998 62987->62985 62988->62989 62989->62780 62992 28d3ca9 68 API calls 62991->62992 62995 28d4081 62992->62995 62993 28d3fa7 62993->62976 62995->62993 62996 28d40a3 62995->62996 63039 28e0ddc 62995->63039 63042 28d39af 71 API calls 2 library calls 62996->63042 63043 28d54e8 62998->63043 63001 28e3478 _memcpy_s 59 API calls 63002 28d5db6 63001->63002 63003 28d5df1 63002->63003 63005 28d5dd8 CryptDuplicateKey 63002->63005 63004 28d5f40 63003->63004 63006 28e00b0 _malloc 59 API calls 63003->63006 63014 28d3ff9 63004->63014 63015 28d5f64 CryptDestroyKey 
63004->63015 63007 28d5df8 CryptSetKeyParam 63005->63007 63008 28d5deb GetLastError 63005->63008 63010 28d5f10 htonl 63006->63010 63007->63008 63009 28d5e16 CryptGenRandom 63007->63009 63008->63003 63011 28d5e36 CryptSetKeyParam 63009->63011 63012 28d5e31 GetLastError 63009->63012 63013 28e3478 _memcpy_s 59 API calls 63010->63013 63016 28d5e4b htonl 63011->63016 63017 28d5e47 GetLastError 63011->63017 63012->63011 63018 28d5f2e 63013->63018 63030 28d93f6 63014->63030 63015->63014 63019 28e00b0 _malloc 59 API calls 63016->63019 63017->63003 63020 28e3478 _memcpy_s 59 API calls 63018->63020 63021 28d5e69 63019->63021 63020->63004 63022 28e3478 _memcpy_s 59 API calls 63021->63022 63023 28d5e91 CryptEncrypt 63022->63023 63024 28d5eac GetLastError 63023->63024 63025 28d5eb6 63023->63025 63026 28d5eb9 htonl 63024->63026 63025->63026 63027 28e3478 _memcpy_s 59 API calls 63026->63027 63028 28d5edb 63027->63028 63029 28e3478 _memcpy_s 59 API calls 63028->63029 63029->63003 63031 28da57d ___DllMainCRTStartup WaitForSingleObject 63030->63031 63033 28d9412 63031->63033 63032 28d943c GetLastError 63034 28da593 ___DllMainCRTStartup ReleaseMutex 63032->63034 63033->63032 63035 28d941b send 63033->63035 63036 28d4006 SetLastError GetLastError 63034->63036 63035->63035 63037 28d9439 63035->63037 63036->62984 63036->62985 63037->63032 63038->62986 63040 28e6171 _LocaleUpdate::_LocaleUpdate 59 API calls 63039->63040 63041 28e0de1 63040->63041 63041->62995 63042->62993 63044 28d5501 63043->63044 63045 28d54f4 63043->63045 63047 28e0ddc _rand 59 API calls 63044->63047 63046 28e19d7 __time64 GetSystemTimeAsFileTime 63045->63046 63048 28d54fb 63046->63048 63049 28d5514 63047->63049 63050 28e0dfd ___DllMainCRTStartup 59 API calls 63048->63050 63051 28e0ddc _rand 59 API calls 63049->63051 63050->63044 63052 28d5528 63051->63052 63053 28e0ddc _rand 59 API calls 63052->63053 63054 28d5535 63053->63054 63055 28e0ddc _rand 59 API calls 63054->63055 63056 28d5542 63055->63056 63056->63001 63213 
28d3c70 htonl 63057->63213 63059 28d1255 63060 28d3cec 68 API calls 63059->63060 63061 28d12ef 63059->63061 63060->63059 63061->62885 63062 28d3c70 htonl 63061->63062 63062->62888 63064 2b534fb 63063->63064 63214 2b5409f 63064->63214 63067 2b5352e 63070 28d3f4b 99 API calls 63067->63070 63068 2b5353e 63068->62890 63070->63068 63072 28d384b 85 API calls 63071->63072 63073 28d6675 63072->63073 63074 28d66c1 63073->63074 63075 28d3def 69 API calls 63073->63075 63074->62890 63076 28d668c 63075->63076 63077 28d3def 69 API calls 63076->63077 63078 28d669c 63077->63078 63229 28d4e8f 63078->63229 63081 28d3f4b 99 API calls 63081->63074 63083 2b5c6b2 63082->63083 63235 2b5d12f 63083->63235 63086 2b5c6ca 63086->62890 63087 28d3f4b 99 API calls 63087->63086 63089 2b55d83 GetModuleHandleA GetProcAddress 63088->63089 63254 2b79c52 63089->63254 63092 2b55dcc GetIpForwardTable 63093 2b55ddc GetLastError 63092->63093 63101 2b55de9 _memset __itow _strlen 63092->63101 63094 2b560a1 63093->63094 63097 2b79c1a _free 58 API calls 63094->63097 63095 2b55ea1 _memset 63098 2b55f2e GetModuleHandleA GetProcAddress 63095->63098 63096 2b560cc 63096->62890 63099 2b55dc4 63097->63099 63098->63094 63100 2b55f72 GetIpForwardTable2 63098->63100 63108 28d3f4b 99 API calls 63099->63108 63100->63093 63106 2b55f82 _memset __itow _strlen 63100->63106 63101->63095 63102 2b55e4f htonl 63101->63102 63102->63101 63103 2b55f9f GetIpInterfaceEntry 63104 2b55fbf GetLastError 63103->63104 63103->63106 63104->63106 63106->63094 63106->63103 63107 2b56041 htonl 63106->63107 63271 2b562f5 htonl htonl htonl htonl 63106->63271 63107->63106 63108->63096 63110 28d384b 85 API calls 63109->63110 63111 28d5f86 63110->63111 63112 28d5f99 63111->63112 63304 28d6105 61 API calls _free 63111->63304 63114 28e0911 _calloc 59 API calls 63112->63114 63115 28d5fa3 63114->63115 63116 28d5fae 63115->63116 63117 28d5fbd CryptAcquireContextW 63115->63117 63120 28d3f4b 99 API calls 63116->63120 63118 28d5fdc GetLastError 63117->63118 
63119 28d5ff0 63117->63119 63118->63117 63118->63119 63119->63116 63122 28d6005 CryptGenRandom 63119->63122 63121 28d60f0 63120->63121 63121->62890 63123 28d602d CryptImportKey 63122->63123 63124 28d6044 GetLastError 63122->63124 63123->63124 63125 28d604f 63123->63125 63124->63116 63280 28d3e14 63125->63280 63130 28d3a39 ___DllMainCRTStartup 72 API calls 63131 28d6097 63130->63131 63132 28d60c1 63131->63132 63133 28d60a5 63131->63133 63134 28d3b9c ___DllMainCRTStartup 71 API calls 63132->63134 63135 28d3b9c ___DllMainCRTStartup 71 API calls 63133->63135 63134->63116 63136 28d60b6 63135->63136 63137 28e0078 _free 59 API calls 63136->63137 63137->63116 63139 28d384b 85 API calls 63138->63139 63140 28d66dd 63139->63140 63305 28d3d7e 63140->63305 63143 28d3def 69 API calls 63144 28d6707 63143->63144 63145 28d6711 63144->63145 63146 28d3c91 68 API calls 63144->63146 63165 28d677c 63144->63165 63147 28d3f4b 99 API calls 63145->63147 63152 28d67f9 63145->63152 63148 28d6730 63146->63148 63147->63152 63148->63145 63154 28d3d7e 68 API calls 63148->63154 63149 28d67c7 63149->63145 63153 28d67d1 63149->63153 63150 28d67b2 LoadLibraryA 63150->63149 63151 28d67bf GetLastError 63150->63151 63151->63149 63152->62890 63315 28d6805 78 API calls 4 library calls 63153->63315 63156 28d6742 63154->63156 63156->63145 63158 28d6791 63156->63158 63159 28d6750 63156->63159 63157 28d67e3 63157->63145 63314 28d6c03 CreateFileA GetLastError WriteFile CloseHandle 63158->63314 63308 28d3d49 63159->63308 63163 28d50fc ___DllMainCRTStartup 2 API calls 63164 28d6763 63163->63164 63164->63165 63166 28d6769 63164->63166 63165->63145 63165->63149 63165->63150 63313 28d4584 92 API calls 2 library calls 63166->63313 63168 28d6775 63168->63165 63170 2b559b8 63169->63170 63316 2b55b3d GetModuleHandleA GetProcAddress 63170->63316 63173 2b559d3 63173->62890 63174 28d3f4b 99 API calls 63174->63173 63176 2b5c77b _memset 63175->63176 63177 2b5c7a6 GetComputerNameA 63176->63177 63178 2b5c7be GetLastError 
63177->63178 63179 2b5c7cb 63177->63179 63180 2b5c9ab 63178->63180 63337 2b5d23e 63179->63337 63211 28d3f4b 99 API calls 63180->63211 63181 2b5c9b8 63181->62890 63184 2b5c800 GetProcAddress GetProcAddress 63185 2b5c830 63184->63185 63186 2b5c822 GetNativeSystemInfo 63184->63186 63187 2b5c867 GetProcAddress 63185->63187 63188 2b5c950 NetWkstaGetInfo 63185->63188 63186->63185 63189 2b5c904 63187->63189 63190 2b5c881 GetLocaleInfoA 63187->63190 63188->63180 63202 2b5c963 63188->63202 63351 2b7b76e 83 API calls 3 library calls 63189->63351 63193 2b5c8b3 GetLocaleInfoA 63190->63193 63194 2b5c89b 63190->63194 63195 2b5c8c7 63193->63195 63196 2b5c8df 63193->63196 63197 2b79c52 _malloc 58 API calls 63194->63197 63198 2b79c52 _malloc 58 API calls 63195->63198 63196->63189 63201 2b5c8e7 63196->63201 63199 2b5c8a1 GetLocaleInfoA 63197->63199 63200 2b5c8cd GetLocaleInfoA 63198->63200 63199->63193 63200->63196 63350 2b7b76e 83 API calls 3 library calls 63201->63350 63207 2b79c1a _free 58 API calls 63202->63207 63203 2b5c941 63205 2b5c94c 63203->63205 63209 2b79c1a _free 58 API calls 63203->63209 63204 2b5c8ff 63204->63203 63208 2b79c1a _free 58 API calls 63204->63208 63205->63188 63210 2b5c9a0 NetApiBufferFree 63207->63210 63208->63203 63209->63205 63210->63180 63211->63181 63212->62885 63213->63059 63226 2b7ace0 63214->63226 63217 2b540c5 63218 2b540e1 GetLastError 63217->63218 63219 2b5350a 63217->63219 63218->63219 63219->63067 63220 2b79c1a 63219->63220 63221 2b79c23 RtlFreeHeap 63220->63221 63225 2b79c4c _free 63220->63225 63222 2b79c38 63221->63222 63221->63225 63228 2b7fba8 58 API calls __getptd_noexit 63222->63228 63224 2b79c3e GetLastError 63224->63225 63225->63067 63227 2b540ac GetCurrentDirectoryW 63226->63227 63227->63217 63227->63218 63228->63224 63230 28d4e9a 63229->63230 63231 28d4ed5 63229->63231 63230->63231 63232 28da57d ___DllMainCRTStartup WaitForSingleObject 63230->63232 63231->63081 63234 28d4eaa 63232->63234 63233 28da593 ___DllMainCRTStartup ReleaseMutex 
63233->63231 63234->63233 63236 2b5d13c _memset __write_nolock 63235->63236 63248 2b5d0cd GetCurrentThread OpenThreadToken 63236->63248 63239 2b5d194 LookupAccountSidW 63241 2b5d1c7 63239->63241 63242 2b5d1bf GetLastError 63239->63242 63240 2b5c6ba 63240->63087 63253 2b7b76e 83 API calls 3 library calls 63241->63253 63242->63240 63244 2b5d209 63245 2b79c1a _free 58 API calls 63244->63245 63246 2b5d20f 63245->63246 63247 2b79c1a _free 58 API calls 63246->63247 63247->63240 63249 2b5d107 GetTokenInformation 63248->63249 63250 2b5d0f0 GetCurrentProcess OpenProcessToken 63248->63250 63251 2b5d120 GetLastError 63249->63251 63252 2b5d128 63249->63252 63250->63249 63250->63251 63251->63252 63252->63239 63252->63240 63253->63244 63255 2b79ccd 63254->63255 63260 2b79c5e 63254->63260 63278 2b7fc93 RtlDecodePointer 63255->63278 63257 2b79c69 63257->63260 63272 2b7fcc6 58 API calls __NMSG_WRITE 63257->63272 63273 2b7fd23 58 API calls 5 library calls 63257->63273 63274 2b7ee59 GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 63257->63274 63258 2b79cd3 63279 2b7fba8 58 API calls __getptd_noexit 63258->63279 63260->63257 63262 2b79c91 RtlAllocateHeap 63260->63262 63265 2b79cb9 63260->63265 63269 2b79cb7 63260->63269 63275 2b7fc93 RtlDecodePointer 63260->63275 63262->63260 63263 2b55dba 63262->63263 63263->63092 63263->63099 63276 2b7fba8 58 API calls __getptd_noexit 63265->63276 63277 2b7fba8 58 API calls __getptd_noexit 63269->63277 63271->63106 63272->63257 63273->63257 63275->63260 63276->63269 63277->63263 63278->63258 63279->63263 63281 28d3c91 68 API calls 63280->63281 63282 28d3e29 63281->63282 63283 28d6146 63282->63283 63284 28d624a 63283->63284 63285 28d6167 63283->63285 63293 28e0078 _free 59 API calls 63284->63293 63297 28d6218 63284->63297 63285->63284 63286 28d6170 CryptDecodeObjectEx 63285->63286 63287 28d6195 GetLastError 63286->63287 63288 28d61a2 CryptAcquireContextW 63286->63288 63287->63284 63289 28d61bf CryptAcquireContextW 63288->63289 
63290 28d61d3 CryptImportPublicKeyInfo 63288->63290 63289->63287 63289->63290 63290->63287 63294 28d61e9 CryptEncrypt 63290->63294 63291 28d629e LocalFree 63292 28d62a7 63291->63292 63295 28d62ad CryptDestroyKey 63292->63295 63296 28d62b6 63292->63296 63293->63297 63298 28e0911 _calloc 59 API calls 63294->63298 63295->63296 63299 28d62bc CryptReleaseContext 63296->63299 63300 28d6086 63296->63300 63297->63291 63297->63292 63301 28d6210 63298->63301 63299->63300 63300->63130 63301->63297 63302 28e3478 _memcpy_s 59 API calls 63301->63302 63303 28d622c CryptEncrypt 63302->63303 63303->63284 63303->63287 63304->63112 63306 28d3ca9 68 API calls 63305->63306 63307 28d3d96 63306->63307 63307->63143 63309 28d3d7e 68 API calls 63308->63309 63310 28d3d59 63309->63310 63311 28d3d6c 63310->63311 63312 28d3def 69 API calls 63310->63312 63311->63163 63312->63311 63313->63168 63314->63168 63315->63157 63317 2b55b7c GetAdaptersAddresses 63316->63317 63318 2b55b6a 63316->63318 63320 2b79c52 _malloc 58 API calls 63317->63320 63335 2b559dc 65 API calls 3 library calls 63318->63335 63321 2b55b90 63320->63321 63322 2b55ba2 GetAdaptersAddresses 63321->63322 63323 2b559c3 63321->63323 63324 2b55bb1 GetLastError 63322->63324 63325 2b55bbe 63322->63325 63323->63174 63328 2b55bb7 63324->63328 63326 2b55bc3 63325->63326 63327 2b55bd2 _memset 63325->63327 63336 2b559dc 65 API calls 3 library calls 63326->63336 63330 2b55be5 GetVersionExA 63327->63330 63331 2b79c1a _free 58 API calls 63328->63331 63334 2b55c00 63330->63334 63331->63323 63332 2b55d59 63332->63328 63333 2b55ca1 htonl 63333->63334 63334->63332 63334->63333 63335->63323 63336->63328 63352 2b7a3e0 63337->63352 63340 2b5d276 GetLastError 63344 2b5c7e9 LoadLibraryA 63340->63344 63341 2b5d283 GetProcAddress 63342 2b5d296 GetLastError 63341->63342 63343 2b5d2a3 _memset __NMSG_WRITE 63341->63343 63345 2b5d2cf 63342->63345 63343->63345 63346 2b5d47f 63343->63346 63347 2b5d44e 63343->63347 63344->63184 63344->63185 63345->63344 63355 
Call graph (rendered in the report as an interactive graph; the raw node/edge dump is not reproduced here). Nodes that call APIs, grouped by address range and listed along the edges that connect them:
• 2b5xxxx/2b7xxxx: 2b7b76e (83 API calls, 3 library calls, reached twice); 2b5d264 GetModuleHandleA
• 28exxxx (per-thread CRT data teardown): 28e6148 → 28e9162 __freeptd TlsGetValue → 28e6156 → 28e9181 TlsSetValue → 28e6166 → 28e6006; inside 28e6006: 28e6012 __mtinitlocknum → 28e602b … 28e6097, each step calling 28e0078 _free (59 API calls) → 28e97e4 (28e9808 EnterCriticalSection, or 28e97f5 → 28e986c → 28e97fb → 28e467f) → 28e609f → 28e60c2 → 28e6126 → 28e994e LeaveCriticalSection → 28e60cf → 28e97e4 __lock → 28e60d6 ___removelocaleref → 28e5606 → 28e6107 → 28e6132 → 28e994e LeaveCriticalSection → 28e6114 → 28e0078 _free → 28e611a __mtinitlocknum → 28e616e
• 75bxxx (stager, image base 00400000): 75b000 LoadLibraryA, GetProcAddress, CreateThread → 75b047 → 75b0e2 LoadLibraryA → 75b107 → 75b109 WSASocketA → 75b125 connect → 75b13e recv → 75b150 VirtualAlloc → 75b165 recv → 75b1a4 → 75b053
• 654xxxx (___DllMainCRTStartup of an in-memory DLL): 6546623 → 654662f ___DllMainCRTStartup → 6546637 → 65469ed GetProcessHeap → 654663c → 65482b4 (99 API calls) → 654664c __RTC_Initialize → 654665c GetCommandLineA → 6549886 → 654666c → 65491d4 → 6546676 → 6546681 → 65494da / 654832a → 6546686 → 6549709 → 654668f → 65484fc → 654669a → 6549488 _free → 65466af; 65466b1 → 65466b5 → 65484ed _doexit / 65466d6 → 65483c4 _free → 65466db → 6549488 _free → 65466e7 → 654832a → 65466ec __CRT_INIT@12 → 6546705 __mtterm; 654671a → 654671f → 6549950 TlsGetValue → 654672a → 6549cc3 → 654673b → 654996f TlsSetValue → 6546753 → 6546759 → 6548201 → 6546761 GetCurrentThreadId; 6546771 → 6545128 _free (RtlFreeHeap; on failure 654691f __getptd_noexit → GetLastError, __dosmaperr); 654677d → 6548144 → 6549950 TlsGetValue → 654815f → 654996f TlsSetValue → 654816f → 654800f (repeated 6545128 _free) → 654c89d __lock (654c8c1 EnterCriticalSection, or 654c8ae → 654c925 → 654c8b4 → 65484d1) → 65480cb → 654812f → 654ca07 LeaveCriticalSection → 65480d8 → 654c89d __lock → 65480df ___removelocaleref → 654bacf → 6548110 → 654813b → 654ca07 LeaveCriticalSection → 654811d → 6545128 _free → 6548123 → 6548177
• 28a4xxx: 28a4997 → 28a4a21 → 28a4a47 GetPEB → 28a4a6e → 28a4c6f LoadLibraryA → 28a4b7b

                                                  Control-flow Graph

                                                  APIs
                                                  • _memset.LIBCMT ref: 02B5C793
                                                  • _memset.LIBCMT ref: 02B5C7A1
                                                  • GetComputerNameA.KERNEL32(?,?), ref: 02B5C7B4
                                                  • GetLastError.KERNEL32 ref: 02B5C7BE
                                                  • LoadLibraryA.KERNEL32(kernel32.dll), ref: 02B5C7F1
                                                  • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 02B5C806
                                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02B5C815
                                                  • GetNativeSystemInfo.KERNEL32(?), ref: 02B5C826
                                                  • GetProcAddress.KERNEL32(?,GetSystemDefaultLangID), ref: 02B5C873
                                                  • GetLocaleInfoA.KERNEL32(?,0000005A,00000000,00000000), ref: 02B5C88E
                                                  • _malloc.LIBCMT ref: 02B5C89C
                                                  • GetLocaleInfoA.KERNEL32(?,0000005A,00000000,?), ref: 02B5C8AD
                                                  • GetLocaleInfoA.KERNEL32(?,00000059,00000000,00000000), ref: 02B5C8BA
                                                  • _malloc.LIBCMT ref: 02B5C8C8
                                                  • GetLocaleInfoA.KERNEL32(?,00000059,00000000,?), ref: 02B5C8D9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
• Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Info$Locale$AddressProc$_malloc_memset$ComputerErrorLastLibraryLoadNameNativeSystem
                                                  • String ID: %s_%s$GetNativeSystemInfo$GetSystemDefaultLangID$IA64$IsWow64Process$Unknown$kernel32.dll$x64$x86
                                                  • API String ID: 2857210640-198457881
                                                  • Opcode ID: 10408d55a06a3e26d594553937361159da500845c49eaf1029aaed63531fd3a9
                                                  • Instruction ID: e77f7aba9cdc4edbe8936aab8db923153b7c99e84f54971458e824c757b56180
                                                  • Opcode Fuzzy Hash: 10408d55a06a3e26d594553937361159da500845c49eaf1029aaed63531fd3a9
                                                  • Instruction Fuzzy Hash: 6961C2B1D40315BBDB11ABA8DD89EAE7B7EEF05740F0404A5FE09E7211D7749A50CBA0

                                                  Control-flow Graph

control_flow_graph 28d6146-28d62cf (rendered in the report as an interactive graph with executed and not-executed blocks colour-coded). Basic blocks, followed along the edges:
• 28d6146-28d6161 entry → 28d6170-28d6193 CryptDecodeObjectEx (on failure → 28d6195-28d619d GetLastError)
• 28d61a2-28d61bd CryptAcquireContextW; on failure a second attempt at 28d61bf-28d61d1 CryptAcquireContextW
• 28d61d3-28d61e7 CryptImportPublicKeyInfo
• 28d61e9-28d6216 CryptEncrypt with pbData = NULL (size query), call 28e0911 (_calloc) → 28d621d-28d6244 call 28e3478, CryptEncrypt
• 28d624a-28d6255 → loop 28d6257-28d6276 → 28d6278-28d6282
• exit path: 28d6284 → 28d6289-28d628b → 28d628d-28d628f → 28d6291-28d6297 call 28e0078 (_free) → 28d6298-28d629c → 28d629e-28d62a1 LocalFree → 28d62a7-28d62ab → 28d62ad-28d62b0 CryptDestroyKey → 28d62b6-28d62ba → 28d62bc-28d62c1 CryptReleaseContext → 28d62c7-28d62cf
                                                  APIs
                                                  • CryptDecodeObjectEx.CRYPT32(00000001,00000008,?,?,00008000,00000000,?,?), ref: 028D618B
                                                  • GetLastError.KERNEL32 ref: 028D6195
                                                  • CryptAcquireContextW.ADVAPI32(?,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,F0000000), ref: 028D61B9
                                                  • CryptAcquireContextW.ADVAPI32(?,00000000,Microsoft Enhanced Cryptographic Provider v1.0,00000001,00000008), ref: 028D61CD
                                                  • CryptImportPublicKeyInfo.CRYPT32(?,00000001,?,00006610), ref: 028D61DF
                                                  • CryptEncrypt.ADVAPI32(00006610,00000000,00000001,00000000,00000000,?,?), ref: 028D6204
                                                  • _calloc.LIBCMT ref: 028D620B
                                                  • _free.LIBCMT ref: 028D6292
                                                  • LocalFree.KERNEL32(00000000,00000000,00000000,?), ref: 028D62A1
                                                  • CryptDestroyKey.ADVAPI32(00000000,00000000,00000000,?), ref: 028D62B0
                                                  • CryptReleaseContext.ADVAPI32(00000000,00000000,00000000,00000000,?), ref: 028D62C1
                                                  Strings
                                                  • Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 028D61A9
                                                  • Microsoft Enhanced Cryptographic Provider v1.0, xrefs: 028D61C3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
• Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Crypt$Context$Acquire$DecodeDestroyEncryptErrorFreeImportInfoLastLocalObjectPublicRelease_calloc_free
                                                  • String ID: Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced Cryptographic Provider v1.0
                                                  • API String ID: 1372360500-947817771
                                                  • Opcode ID: d8793488cc44f5430760c90cd307be812ee3e7a8c1fac36d4c92e1693571c76b
                                                  • Instruction ID: fcb46a12bb242d2e02ee2f9a442fcd9f2e01581bcf2d0595c3650a3b2a42fd55
                                                  • Opcode Fuzzy Hash: d8793488cc44f5430760c90cd307be812ee3e7a8c1fac36d4c92e1693571c76b
                                                  • Instruction Fuzzy Hash: A0519D7DA4021DFFEF118E99DC84FEE7BBDAB44344F104165FA08EA190E7719A588B60

                                                  Control-flow Graph

control_flow_graph 28d5c13-28d5d84 (rendered in the report as an interactive graph with executed and not-executed blocks colour-coded). Basic blocks, followed along the edges:
• 28d5c13-28d5c43 entry, call 28d54a7, call 28e0911 (_calloc); 28d5c45-28d5c48 → 28d5d6d
• 28d5c4d-28d5c5e htonl → 28d5c64-28d5c67 → 28d5c6d-28d5c6f (each with an exit to 28d5d18)
• 28d5c75-28d5c9b htonl, CryptDuplicateKey → 28d5caa-28d5cc3 CryptSetKeyParam → 28d5cc5-28d5cd7 CryptSetKeyParam → 28d5cd9-28d5cf0 CryptDecrypt (each on failure → 28d5c9d-28d5ca5 GetLastError → 28d5d62-28d5d64)
• 28d5cf2-28d5d15 call 28e34f7, htonl → 28d5d18-28d5d37 htonl, call 28e00b0 → 28d5d3c-28d5d44 → 28d5d4b-28d5d60 call 28e3478, or 28d5d46-28d5d49 → 28d5d66-28d5d6c call 28d38f9
• 28d5d6d-28d5d71 → 28d5d73-28d5d76 CryptDestroyKey → 28d5d7c-28d5d84 exit
                                                  APIs
                                                  • _calloc.LIBCMT ref: 028D5C37
                                                    • Part of subcall function 028E0911: __calloc_impl.LIBCMT ref: 028E0924
                                                  • htonl.WS2_32(?), ref: 028D5C50
                                                  • htonl.WS2_32(?), ref: 028D5C78
                                                  • CryptDuplicateKey.ADVAPI32(?,00000000,00000000,?), ref: 028D5C93
                                                  • GetLastError.KERNEL32 ref: 028D5C9D
                                                  • CryptDestroyKey.ADVAPI32(00000000), ref: 028D5D76
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
• Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Crypthtonl$DestroyDuplicateErrorLast__calloc_impl_calloc
                                                  • String ID:
                                                  • API String ID: 3044516756-0
                                                  • Opcode ID: 1d7bfa3b6fee1d263913d5bdeec424df71f3a5ec8e7ab0fbd84ccd4fed03aebc
                                                  • Instruction ID: 119ecaa43f8a01c1ab8cf7804af608c148c6e5c2980eae7c5a4df072a11e101f
                                                  • Opcode Fuzzy Hash: 1d7bfa3b6fee1d263913d5bdeec424df71f3a5ec8e7ab0fbd84ccd4fed03aebc
                                                  • Instruction Fuzzy Hash: 64419D7D940209EFDB10DF69DD48EAA7BA8FF04314F544566F908E6281E734DA64CFA0

                                                  Control-flow Graph

                                                  APIs
                                                  • _calloc.LIBCMT ref: 028D5F9E
                                                    • Part of subcall function 028D6105: CryptDestroyKey.ADVAPI32(?,028D7FBC,?,028D6626,028D7FBC,75A7BD50,?,028D7FBC,00000000), ref: 028D611C
                                                    • Part of subcall function 028D6105: CryptReleaseContext.ADVAPI32(10E015FF,00000000,028D7FBC,?,028D6626,028D7FBC,75A7BD50,?,028D7FBC,00000000), ref: 028D612E
                                                    • Part of subcall function 028D6105: _free.LIBCMT ref: 028D6137
                                                  • CryptAcquireContextW.ADVAPI32(00000000,00000000,028F8738,00000018,00000000), ref: 028D5FD2
                                                  • GetLastError.KERNEL32 ref: 028D5FDC
                                                  • CryptGenRandom.ADVAPI32(00000000,00000020,0000001C), ref: 028D6023
                                                  • CryptImportKey.ADVAPI32(00000000,00000010,0000002C,00000000,00000000,00000004), ref: 028D603A
                                                  • GetLastError.KERNEL32 ref: 028D6044
                                                  • _free.LIBCMT ref: 028D60B7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
• Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Crypt$ContextErrorLast_free$AcquireDestroyImportRandomRelease_calloc
                                                  • String ID:
                                                  • API String ID: 1247967341-0
                                                  • Opcode ID: 9c58c616b27b6b6f7d6c2d8a4754d3c1007ef88b89d240aa8d4a0790a92e396a
                                                  • Instruction ID: 4dc05c5a207f830fb2cf0f3ae6b62697615dba415f40f6588cc0ef1506984af1
                                                  • Opcode Fuzzy Hash: 9c58c616b27b6b6f7d6c2d8a4754d3c1007ef88b89d240aa8d4a0790a92e396a
                                                  • Instruction Fuzzy Hash: 7441AD7D940218FFDB219F54DC48FAABBB9EF04714F004459F908EA681E7719998CF91
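In the function above, 0x20 (32) random bytes from CryptGenRandom are handed to CryptImportKey as a 0x2C (44) byte buffer. 44 bytes is exactly a CAPI PLAINTEXTKEYBLOB carrying a 256-bit key: an 8-byte BLOBHEADER, a 4-byte key length, then the key itself; the value 0x6610 logged in the stack slots of the neighbouring RSA function's CryptImportPublicKeyInfo/CryptEncrypt calls is CALG_AES_256, which is consistent with that reading. The block below is an added example, not code from the sample or from the report: it builds such a blob, parses one back with the length and algorithm checks an analyst wants before trusting a carved key, and scans a memory image for the 12-byte header to recover keys from a process dump. The blob layout and constants are Windows CryptoAPI's; that this sample's blob is AES-256 is an assumption from the size match, and the memory image is constructed for the example.

```python
"""Added example: build, parse and carve Windows CryptoAPI PLAINTEXTKEYBLOBs
(BLOBHEADER + DWORD key length + raw key), the structure a 44-byte
CryptImportKey of a 32-byte random key corresponds to.  Not the sample's
own code; the memory image below is constructed for the example."""
import os
import struct

PLAINTEXTKEYBLOB = 0x08   # bType
CUR_BLOB_VERSION = 0x02   # bVersion
CALG_AES_128 = 0x660E
CALG_AES_192 = 0x660F
CALG_AES_256 = 0x6610
AES_KEY_SIZES = {CALG_AES_128: 16, CALG_AES_192: 24, CALG_AES_256: 32}

# BLOBHEADER {bType, bVersion, reserved, aiKeyAlg} followed by cbKeySize
HEADER = struct.Struct("<BBHII")


def build_plaintext_key_blob(key: bytes, alg_id: int) -> bytes:
    """Return the blob CryptImportKey expects for a raw symmetric key."""
    if AES_KEY_SIZES.get(alg_id) != len(key):
        raise ValueError("key length does not match the algorithm id")
    return HEADER.pack(PLAINTEXTKEYBLOB, CUR_BLOB_VERSION, 0, alg_id, len(key)) + key


def parse_plaintext_key_blob(blob: bytes):
    """Return (alg_id, key) or None if the bytes are not a well-formed AES PLAINTEXTKEYBLOB."""
    if len(blob) < HEADER.size:
        return None
    btype, version, reserved, alg, cb_key = HEADER.unpack_from(blob)
    if btype != PLAINTEXTKEYBLOB or version != CUR_BLOB_VERSION or reserved != 0:
        return None
    # the declared key length must match the algorithm and actually be present
    if AES_KEY_SIZES.get(alg) != cb_key or len(blob) < HEADER.size + cb_key:
        return None
    return alg, blob[HEADER.size:HEADER.size + cb_key]


def carve_aes_key_blobs(image: bytes):
    """Scan a memory image for AES PLAINTEXTKEYBLOB headers; returns [(offset, alg_id, key)]."""
    found = []
    for alg, size in AES_KEY_SIZES.items():
        magic = HEADER.pack(PLAINTEXTKEYBLOB, CUR_BLOB_VERSION, 0, alg, size)
        pos = image.find(magic)
        while pos != -1:
            parsed = parse_plaintext_key_blob(image[pos:pos + HEADER.size + size])
            if parsed is not None:          # a header cut off by the end of the image is rejected
                found.append((pos, parsed[0], parsed[1]))
            pos = image.find(magic, pos + 1)
    return sorted(found)


def build_sample_image(key: bytes) -> bytes:
    """Constructed stand-in for a process dump: filler, one AES-256 blob, filler,
    and a header at the very end with only 5 bytes of key after it."""
    filler = bytes([0x41] * 64)
    truncated = HEADER.pack(PLAINTEXTKEYBLOB, CUR_BLOB_VERSION, 0, CALG_AES_256, 32) + b"\x00" * 5
    return filler + build_plaintext_key_blob(key, CALG_AES_256) + filler + truncated


if __name__ == "__main__":
    key = os.urandom(32)   # what CryptGenRandom(hProv, 0x20, buf) hands back
    blob = build_plaintext_key_blob(key, CALG_AES_256)
    print("blob is 0x%X bytes" % len(blob))
    for offset, alg, k in carve_aes_key_blobs(build_sample_image(key)):
        print(f"offset {offset}: alg 0x{alg:04X} key {k.hex()}")
```

The same 12-byte header prefix (08 02 00 00 10 66 00 00 20 00 00 00 for AES-256) is what to search for in a full-process dump of this sample; the key that follows is the one the later CryptDuplicateKey/CryptDecrypt function operates on.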

                                                  Control-flow Graph

control_flow_graph 75b0e2-75b1a4 (rendered in the report as an interactive graph with executed and not-executed blocks colour-coded). Basic blocks, followed along the edges:
• 75b0e2-75b107 LoadLibraryA → 75b109-75b124 WSASocketA → 75b125-75b132 connect
• connect failure: 75b134-75b137 → back to 75b125 connect, or → 75b139 call 75b1a5
• 75b13e-75b14e recv → 75b150-75b164 VirtualAlloc → 75b165-75b174 recv
• recv failure: 75b176-75b17f → 75b186-75b193 → back to 75b109 WSASocketA, or → 75b199 → 75b139 call 75b1a5
• 75b19e-75b1a2 → back to 75b165 recv until the buffer is filled, then → 75b1a4
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(0726774C,?,5F327377,00003233), ref: 0075B0F5
                                                  • WSASocketA.WS2_32(E0DF0FEA,00000002,00000001,00000000,00000000,00000000,00000000,944B0002,E52663A7,0000000A,?,?,5F327377,00003233), ref: 0075B122
                                                  • connect.WS2_32(6174A599,?,?,00000010,?,?,5F327377,00003233), ref: 0075B12E
                                                  • recv.WS2_32(5FC8D902,?,?,00000004,00000000,?,?,00000010,?,?,5F327377,00003233), ref: 0075B149
                                                  • VirtualAlloc.KERNEL32(E553A458,00000000,?,00001000,00000040,?,?,00000004,00000000), ref: 0075B161
                                                  • recv.WS2_32(5FC8D902,?,?,?,00000000,?,?,00001000,00000040,?,?,00000004,00000000), ref: 0075B16F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2077575749.000000000075B000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2077107036.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077125732.0000000000401000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077291746.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077391874.0000000000620000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077409658.0000000000622000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077425416.0000000000626000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077425416.0000000000628000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077455568.000000000062E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077455568.00000000006F1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077601998.000000000075C000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077618228.0000000000760000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077618228.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: recv$AllocLibraryLoadSocketVirtualconnect
                                                  • String ID:
                                                  • API String ID: 2782296289-0
                                                  • Opcode ID: 9c4c38c0170d5d967a4f5bcae100936f56fc64772d60659f9fc48c63d31ce264
                                                  • Instruction ID: dc9e45cddc3465b5bcd77a283888cb88fd1f340fb41081e40174a21a54a566cd
                                                  • Opcode Fuzzy Hash: 9c4c38c0170d5d967a4f5bcae100936f56fc64772d60659f9fc48c63d31ce264
                                                  • Instruction Fuzzy Hash: FB1184B178169C3EF53025629C57FBB695CCF46BA9F100024BF45EA0C5DAC69C4881FA
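The odd first arguments logged for the calls above are not garbage. A Metasploit reverse_tcp stager resolves each import through Metasploit's block_api, which walks the PEB and compares a ROR13 hash of the upper-cased UTF-16 module name plus the ASCII function name; the hash is the first stack slot at every call (0x0726774C, 0xE0DF0FEA, 0x6174A599, 0x5FC8D902, 0xE553A458), and 0x5F327377 0x00003233 is the pushed string "ws2_32". The recv / VirtualAlloc / recv sequence is the stage transfer: a 4-byte little-endian length, an RWX allocation of that size, then a recv loop until the buffer is full. The block below is an added example, not code from the report or from Metasploit: it re-implements the hash so trace constants can be mapped back to API names, and models the stage transfer over a local socket pair. The candidate API list and the stage bytes are constructed for the example.

```python
"""Added example: map block_api ROR13 hashes seen in the stager's call
arguments back to API names, and model the length-prefixed stage transfer
performed by recv -> VirtualAlloc -> recv.  Not code from the report or from
Metasploit; the candidate list and sample stage are constructed."""
import socket
import struct
import threading

MASK32 = 0xFFFFFFFF


def ror13(value: int) -> int:
    """32-bit rotate right by 13, applied once per byte by block_api."""
    value &= MASK32
    return ((value >> 13) | (value << 19)) & MASK32


def block_api_hash(module: str, function: str) -> int:
    """Metasploit block_api hash: the module name upper-cased as UTF-16LE including
    its terminating null (the BaseDllName.MaximumLength bytes it reads from the PEB),
    plus the ASCII function name including its null, each folded with ror13/add."""
    h_mod = 0
    for b in (module.upper() + "\x00").encode("utf-16le"):
        h_mod = (ror13(h_mod) + b) & MASK32
    h_fun = 0
    for b in (function + "\x00").encode("ascii"):
        h_fun = (ror13(h_fun) + b) & MASK32
    return (h_mod + h_fun) & MASK32


# Imports a reverse_tcp stager needs (constructed list; extend it for other stagers).
CANDIDATES = [
    ("kernel32.dll", "LoadLibraryA"),
    ("kernel32.dll", "VirtualAlloc"),
    ("kernel32.dll", "CreateThread"),
    ("ws2_32.dll", "WSAStartup"),
    ("ws2_32.dll", "WSASocketA"),
    ("ws2_32.dll", "connect"),
    ("ws2_32.dll", "recv"),
]


def resolve_hashes(constants):
    """Map 32-bit constants from a trace to 'module!function', or 'unknown'."""
    table = {block_api_hash(m, f): f"{m}!{f}" for m, f in CANDIDATES}
    return {c: table.get(c & MASK32, "unknown") for c in constants}


def decode_pushed_string(dwords) -> str:
    """Rebuild an ASCII string the shellcode pushed as little-endian dwords."""
    raw = b"".join(struct.pack("<I", d) for d in dwords)
    return raw.split(b"\x00", 1)[0].decode("ascii")


def handler_send_stage(conn, stage: bytes) -> None:
    """Listener side: 4-byte little-endian length, then the stage itself."""
    conn.sendall(struct.pack("<I", len(stage)) + stage)


def _recv_all(conn, length: int) -> bytes:
    """Fill a buffer of exactly `length` bytes; recv may return short reads,
    which is why the stager loops on the second recv until the buffer is full."""
    buf = bytearray(length)
    got = 0
    while got < length:
        chunk = conn.recv(length - got)
        if not chunk:
            raise ConnectionError("peer closed before the whole stage arrived")
        buf[got:got + len(chunk)] = chunk
        got += len(chunk)
    return bytes(buf)


def stager_receive_stage(conn) -> bytes:
    """Stager side: recv(4) gives the stage length, which is trusted blindly;
    the shellcode then does VirtualAlloc(NULL, length, MEM_COMMIT, PAGE_EXECUTE_READWRITE)
    (an ordinary buffer here) and receives the stage into it."""
    (length,) = struct.unpack("<I", _recv_all(conn, 4))
    return _recv_all(conn, length)


def simulate_exchange(stage: bytes) -> bytes:
    """Run handler and stager over a local socket pair; returns what the stager would jump to."""
    handler_sock, stager_sock = socket.socketpair()
    sender = threading.Thread(target=handler_send_stage, args=(handler_sock, stage))
    sender.start()
    try:
        return stager_receive_stage(stager_sock)
    finally:
        sender.join()
        handler_sock.close()
        stager_sock.close()


if __name__ == "__main__":
    seen = [0x0726774C, 0xE0DF0FEA, 0x6174A599, 0x5FC8D902, 0xE553A458]
    for constant, name in resolve_hashes(seen).items():
        print(f"{constant:08X} -> {name}")
    print(decode_pushed_string([0x5F327377, 0x00003233]))
    print(len(simulate_exchange(bytes(range(256)) * 40)), "bytes staged")
```

Two things fall out of this for detection: the hash constants are stable across stager builds (they depend only on the names), so they are good static signatures, and on the wire the first four bytes the handler sends after the TCP handshake are a little-endian length immediately followed by that many bytes of stage.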

                                                  Control-flow Graph

                                                  control_flow_graph 545 75b000-75b02b LoadLibraryA GetProcAddress CreateThread
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(kernel32), ref: 0075B006
                                                  • GetProcAddress.KERNEL32(00000000,CreateThread), ref: 0075B012
                                                  • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 0075B029
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2077575749.000000000075B000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2077107036.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077125732.0000000000401000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077291746.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077391874.0000000000620000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077409658.0000000000622000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077425416.0000000000626000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077425416.0000000000628000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077455568.000000000062E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077455568.00000000006F1000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077601998.000000000075C000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077618228.0000000000760000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2077618228.0000000000823000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AddressCreateLibraryLoadProcThread
                                                  • String ID: CreateThread$kernel32
                                                  • API String ID: 506160910-3234967679
                                                  • Opcode ID: 286391cc6855f42996b9e9c7c8087629bf559f8eb1c94d73ddf4d646e9f9113b
                                                  • Instruction ID: c831374cbb02a0ad704bc503aeb4ac2247f2217d610ddf506fa033a1918d9b40
                                                  • Opcode Fuzzy Hash: 286391cc6855f42996b9e9c7c8087629bf559f8eb1c94d73ddf4d646e9f9113b
                                                  • Instruction Fuzzy Hash: 3AD0C9B13C4304BFF66057E09E0EFBA2528A765F52F204500721A690D086E821086628
                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,?,028D5C00,?,?,028E438F,?,00000001,?,?,00000001,?,028F54B8,0000000C), ref: 028D5B83
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,028D5C00,?,?,028E438F,?,00000001,?,?,00000001,?,028F54B8,0000000C), ref: 028D5BB8
                                                  • ExitProcess.KERNEL32 ref: 028D5BC5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExceptionExitFilterHandleModuleProcessUnhandled
                                                  • String ID:
                                                  • API String ID: 3470424200-0
                                                  • Opcode ID: b5c920d1d20e5479770873457e6c358afdc9715751afb104e121cb89e746daa2
                                                  • Instruction ID: ea005b48d1826db8d5c94b81c29ef1e51d29b48f4f24dbb83a5e45b7579de0ad
                                                  • Opcode Fuzzy Hash: b5c920d1d20e5479770873457e6c358afdc9715751afb104e121cb89e746daa2
                                                  • Instruction Fuzzy Hash: 0FF0E2BD840704EFC7206FA5ECCCC66B76DEA413663145C2BF60EC1580C738A4E8CA61
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID:
                                                  • API String ID: 1029625771-0
                                                  • Opcode ID: 3459d2883bfd244803a1b168484b841198106c0c9546e75731a7ca8204b8f1a9
                                                  • Instruction ID: 310bec8619d33157deae84c4675fc6576fd200816cd216dfc0b7b153f1528068
                                                  • Opcode Fuzzy Hash: 3459d2883bfd244803a1b168484b841198106c0c9546e75731a7ca8204b8f1a9
                                                  • Instruction Fuzzy Hash: 2E121B79E0021A9FEF24CF98C890BADB7F4EF48314F24416AD959EB341DBB4A951CB50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1f99ad937629c0f85dd6d2ab1fc2d16b28079fb63ccd3e8da6f6ce4ff3bac24e
                                                  • Instruction ID: ec2e236bda279c5b1adf71124ed3222d0e7532ebe1c9a934d4ab041b161d8aa6
                                                  • Opcode Fuzzy Hash: 1f99ad937629c0f85dd6d2ab1fc2d16b28079fb63ccd3e8da6f6ce4ff3bac24e
                                                  • Instruction Fuzzy Hash:

                                                  Control-flow Graph

                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(Iphlpapi.dll), ref: 02B55D99
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B55DA0
                                                  • _malloc.LIBCMT ref: 02B55DB5
                                                    • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
                                                    • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
                                                    • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
                                                  • GetIpForwardTable.IPHLPAPI(00000000,?,00000001), ref: 02B55DD3
                                                  • GetLastError.KERNEL32 ref: 02B55DDC
                                                  • _free.LIBCMT ref: 02B560A5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressAllocateErrorForwardHandleHeapLastModuleProcTable_free_malloc
                                                  • String ID: GetIpForwardTable2$Iphlpapi.dll
                                                  • API String ID: 2545222461-3081624902
                                                  • Opcode ID: 7acb74e66183f026b702b013c9dbf758b87bb133a45ace163a3e6e474253a662
                                                  • Instruction ID: a344a748cd31afef17d8a841b9186a23ce378f81836b8cad65ea25de76422105
                                                  • Opcode Fuzzy Hash: 7acb74e66183f026b702b013c9dbf758b87bb133a45ace163a3e6e474253a662
                                                  • Instruction Fuzzy Hash: 80B11BB1D00219DFDF20DFA8C884BDDBBB4FF08344F5445AAE918AB241D7749A558F54

                                                  Control-flow Graph

                                                  APIs
                                                    • Part of subcall function 028DA57D: WaitForSingleObject.KERNEL32(?,000000FF,?,028D4C1A,00000001,00000000,?,028D4BFE,00000000,00000000,028D6978,00000000,00000000,028D7DFF), ref: 028DA58B
                                                  • recv.WS2_32(?,00000000,00000020,00000000), ref: 028D8F72
                                                  • recv.WS2_32(?,?,-000000E4,00000000), ref: 028D8FCB
                                                  • GetLastError.KERNEL32 ref: 028D8FD5
                                                  • SetLastError.KERNEL32(00000490), ref: 028D8FE7
                                                  • SetLastError.KERNEL32(00000000), ref: 028D8FF3
                                                  • _memmove.LIBCMT ref: 028D9008
                                                  • htonl.WS2_32(?), ref: 028D9022
                                                  • _malloc.LIBCMT ref: 028D9037
                                                  • _memcpy_s.LIBCMT ref: 028D9053
                                                  • recv.WS2_32(?,00000020,-00000008,00000000), ref: 028D9072
                                                  • GetLastError.KERNEL32 ref: 028D907E
                                                  • _memcmp.LIBCMT ref: 028D90CA
                                                  • SetLastError.KERNEL32(00000000), ref: 028D90F6
                                                  • SetLastError.KERNEL32(00000000), ref: 028D9116
                                                  • GetLastError.KERNEL32 ref: 028D911C
                                                  • _free.LIBCMT ref: 028D9129
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast$recv$ObjectSingleWait_free_malloc_memcmp_memcpy_s_memmovehtonl
                                                  • String ID:
                                                  • API String ID: 241723272-0
                                                  • Opcode ID: e0ac8cf1b015a816fddf8112e3c9aeeaf0c0ca1e09316e3749df5ae480a2027a
                                                  • Instruction ID: dff08a940749754ce291aca7fd483bb751adcf253ce3236b96bb43bbee3c403f
                                                  • Opcode Fuzzy Hash: e0ac8cf1b015a816fddf8112e3c9aeeaf0c0ca1e09316e3749df5ae480a2027a
                                                  • Instruction Fuzzy Hash: FE61A57EE00209EFDF11DAA9DC49F9E7BB9AF08314F040065EA09F7191EB74D9588B61

                                                  Control-flow Graph

                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(iphlpapi,GetAdaptersAddresses,?,00000000), ref: 02B55B57
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B55B5E
                                                  • GetAdaptersAddresses.IPHLPAPI(00000000,0000001E,00000000,00000000,?,?,?,00000000), ref: 02B55B86
                                                  • _malloc.LIBCMT ref: 02B55B8B
                                                    • Part of subcall function 02B559DC: _malloc.LIBCMT ref: 02B559EF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _malloc$AdaptersAddressAddressesHandleModuleProc
                                                  • String ID: GetAdaptersAddresses$H$iphlpapi
                                                  • API String ID: 1870841463-3924183088
                                                  • Opcode ID: 922674d26ddf2f26542c04eb0e82da928e1aa40e93ce6df7892f4a200777ec85
                                                  • Instruction ID: 6cc62d437e929f9f62c1a1a4fc34f6ef9fb63d66687bc0bfc54b5ca5e44bfa65
                                                  • Opcode Fuzzy Hash: 922674d26ddf2f26542c04eb0e82da928e1aa40e93ce6df7892f4a200777ec85
                                                  • Instruction Fuzzy Hash: 3A61BFB6940225EFDB209FA8DD45F9A7BB9FB08351F400495FA09AB251D770D950CFA0

                                                  Control-flow Graph

                                                  APIs
                                                  • _memset.LIBCMT ref: 028D7D37
                                                  • _memset.LIBCMT ref: 028D7D4B
                                                    • Part of subcall function 028DA796: LoadLibraryA.KERNEL32(kernel32.dll,028D7D58,?,00000000,000000FF,?,00000000,000000FF,028F5488,00000214,028D5B98,?,00000001,?,?), ref: 028DA79B
                                                    • Part of subcall function 028DA796: GetProcAddress.KERNEL32(00000000,SetThreadErrorMode), ref: 028DA7A7
                                                  • __time64.LIBCMT ref: 028D7D59
                                                    • Part of subcall function 028E19D7: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,028D7D5E,00000000,?,00000000,000000FF,?,00000000,000000FF,028F5488,00000214,028D5B98,?), ref: 028E19E0
                                                    • Part of subcall function 028E19D7: __aulldiv.LIBCMT ref: 028E1A00
                                                    • Part of subcall function 028DA645: _malloc.LIBCMT ref: 028DA64E
                                                    • Part of subcall function 028DA645: _memset.LIBCMT ref: 028DA664
                                                    • Part of subcall function 028DA645: GetCurrentThreadId.KERNEL32 ref: 028DA66C
                                                    • Part of subcall function 028DA645: LoadLibraryA.KERNEL32(kernel32.dll,?,?,000000FF,?,?,?,?,?,?,?,?,?,028D7D6F), ref: 028DA681
                                                    • Part of subcall function 028DA645: GetProcAddress.KERNEL32(00000000,OpenThread), ref: 028DA692
                                                    • Part of subcall function 028DA645: FreeLibrary.KERNEL32(00000000,?,?,000000FF,?,?,?,?,?,?,?,?,?,028D7D6F), ref: 028DA701
                                                    • Part of subcall function 028D65AF: _calloc.LIBCMT ref: 028D65B4
                                                  • SetLastError.KERNEL32(0000000A), ref: 028D7D81
                                                  • _malloc.LIBCMT ref: 028D7E13
                                                  • _memcpy_s.LIBCMT ref: 028D7E1F
                                                  • OpenThreadToken.ADVAPI32(?,000F01FF,00000001,0000001C), ref: 028D7E36
                                                  • GetCurrentProcess.KERNEL32(000F01FF,0000001C), ref: 028D7E42
                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 028D7E49
                                                  • GetProcessWindowStation.USER32(00000002,?,00000100,00000000), ref: 028D7E82
                                                  • GetUserObjectInformationA.USER32(00000000), ref: 028D7E8F
                                                  • GetCurrentThreadId.KERNEL32 ref: 028D7EBD
                                                  • GetThreadDesktop.USER32(00000000), ref: 028D7EC4
                                                  • GetUserObjectInformationA.USER32(00000000), ref: 028D7ECB
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Thread$CurrentLibraryProcess_memset$AddressInformationLoadObjectOpenProcTimeTokenUser_malloc$DesktopErrorFileFreeLastStationSystemWindow__aulldiv__time64_calloc_memcpy_s
                                                  • String ID:
                                                  • API String ID: 3017021961-0
                                                  • Opcode ID: 258563f124399555c4fce7e3a3c2e76598fc002e499f981a2973c135f4f4f7d3
                                                  • Instruction ID: 6a82bbe641ce83b4e44c96dbb701c22f47781a87230d0aa86bf9b70af7cee47e
                                                  • Opcode Fuzzy Hash: 258563f124399555c4fce7e3a3c2e76598fc002e499f981a2973c135f4f4f7d3
                                                  • Instruction Fuzzy Hash: E281B2BD900615AFDB24EF69D884FAAB7B9FF08314F104559E509D7A40EB34E818CFA1

                                                  Control-flow Graph

                                                  APIs
                                                  • _memset.LIBCMT ref: 02B5D157
                                                  • _memset.LIBCMT ref: 02B5D165
                                                  • _memset.LIBCMT ref: 02B5D173
                                                    • Part of subcall function 02B5D0CD: GetCurrentThread.KERNEL32 ref: 02B5D0DF
                                                    • Part of subcall function 02B5D0CD: OpenThreadToken.ADVAPI32(00000000,?,?,?,02B5D189,?,00001000,?,00000000,00000400,?,00000000,00000400,?,00000000,00000400), ref: 02B5D0E6
                                                    • Part of subcall function 02B5D0CD: GetCurrentProcess.KERNEL32(00000008,?,?,?,?,02B5D189,?,00001000,?,00000000,00000400,?,00000000,00000400,?,00000000), ref: 02B5D0F6
                                                    • Part of subcall function 02B5D0CD: OpenProcessToken.ADVAPI32(00000000,?,?,?,02B5D189,?,00001000,?,00000000,00000400,?,00000000,00000400,?,00000000,00000400), ref: 02B5D0FD
                                                    • Part of subcall function 02B5D0CD: GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,?,?,?,?,?,02B5D189,?,00001000,?,00000000,00000400,?,00000000), ref: 02B5D116
                                                    • Part of subcall function 02B5D0CD: GetLastError.KERNEL32(?,?,?,02B5D189,?,00001000,?,00000000,00000400,?,00000000,00000400,?,00000000,00000400,00000000), ref: 02B5D120
                                                  • LookupAccountSidW.ADVAPI32(00000000,?,?,?,?,?,?), ref: 02B5D1B5
                                                  • GetLastError.KERNEL32 ref: 02B5D1BF
                                                  • __snprintf.LIBCMT ref: 02B5D204
                                                  • _free.LIBCMT ref: 02B5D20A
                                                  • _free.LIBCMT ref: 02B5D210
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Token_memset$CurrentErrorLastOpenProcessThread_free$AccountInformationLookup__snprintf
                                                  • String ID: %s\%s
                                                  • API String ID: 3843397569-4073750446
                                                  • Opcode ID: 9e111db90a4adaa6a89fdfcca8c58e3acac0fe85612c74ce2558c5100c143b37
                                                  • Instruction ID: 199aeefe8586e92c382e8858a28ba50fc6cc5f7fa68629cd27e0487e93b399da
                                                  • Opcode Fuzzy Hash: 9e111db90a4adaa6a89fdfcca8c58e3acac0fe85612c74ce2558c5100c143b37
                                                  • Instruction Fuzzy Hash: 932141B6940118EBDB11DBA4CC85EDEB7BDEF09380F0042E2FA09E7100DA719A458FA4

                                                  Control-flow Graph

                                                  APIs
                                                  • _memset.LIBCMT ref: 028D42CC
                                                  • htonl.WS2_32(?), ref: 028D42FE
                                                  • htonl.WS2_32(00000000), ref: 028D430A
                                                  • htonl.WS2_32(00000000), ref: 028D4358
                                                  • htonl.WS2_32(?), ref: 028D435F
                                                  • _malloc.LIBCMT ref: 028D4383
                                                    • Part of subcall function 028E00B0: __FF_MSGBANNER.LIBCMT ref: 028E00C7
                                                    • Part of subcall function 028E00B0: __NMSG_WRITE.LIBCMT ref: 028E00CE
                                                    • Part of subcall function 028E00B0: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,028E9533,?,?,?,00000000,?,028E98AE,00000018,028F5608), ref: 028E00F3
                                                  • htonl.WS2_32(?), ref: 028D439D
                                                  • _malloc.LIBCMT ref: 028D43AB
                                                    • Part of subcall function 028D4BD3: _malloc.LIBCMT ref: 028D4BD6
                                                  • _free.LIBCMT ref: 028D4426
                                                  • _free.LIBCMT ref: 028D4430
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: htonl$_malloc$_free$AllocateHeap_memset
                                                  • String ID:
                                                  • API String ID: 4051244826-0
                                                  • Opcode ID: 135965f50f5cb10fa4664a9612d95993206070a9bcdba31f27cb9f2626bac654
                                                  • Instruction ID: 0545c574f87aaa346093f1cf7ed6ec4614c287d8364bcb2556db89e8d30faaab
                                                  • Opcode Fuzzy Hash: 135965f50f5cb10fa4664a9612d95993206070a9bcdba31f27cb9f2626bac654
                                                  • Instruction Fuzzy Hash: 8D515C7D901219DFDB20DFA8C884BAABBB6EF04314F188569E80DDB251D731E994CF91

                                                  Control-flow Graph

                                                  APIs
                                                  • _memset.LIBCMT ref: 028D3912
                                                  • _memset.LIBCMT ref: 028D393F
                                                  • _free.LIBCMT ref: 028D3946
                                                  • _free.LIBCMT ref: 028D394F
                                                  • _free.LIBCMT ref: 028D391A
                                                    • Part of subcall function 028E0078: RtlFreeHeap.NTDLL(00000000,00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?), ref: 028E008C
                                                    • Part of subcall function 028E0078: GetLastError.KERNEL32(00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?,?), ref: 028E009E
                                                  • _memset.LIBCMT ref: 028D3973
                                                  • _free.LIBCMT ref: 028D3979
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$_memset$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 622543930-0
                                                  • Opcode ID: bb85efa2e3596c918552d2b9a2c85f7b14eab1ead2804a289d3b48e183c02232
                                                  • Instruction ID: dc5245d6630b05bb1df0b65d369f102239932cd941a2ed4844ececa982fd91d6
                                                  • Opcode Fuzzy Hash: bb85efa2e3596c918552d2b9a2c85f7b14eab1ead2804a289d3b48e183c02232
                                                  • Instruction Fuzzy Hash: E101923E440600B7DE327669CC00F5ABBA7AF06725F180959E84EB54B09B72A464DE47

                                                  Control-flow Graph

                                                  APIs
                                                  • GetCurrentThread.KERNEL32 ref: 02B5D0DF
                                                  • OpenThreadToken.ADVAPI32(00000000,?,?,?,02B5D189,?,00001000,?,00000000,00000400,?,00000000,00000400,?,00000000,00000400), ref: 02B5D0E6
                                                  • GetCurrentProcess.KERNEL32(00000008,?,?,?,?,02B5D189,?,00001000,?,00000000,00000400,?,00000000,00000400,?,00000000), ref: 02B5D0F6
                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,02B5D189,?,00001000,?,00000000,00000400,?,00000000,00000400,?,00000000,00000400), ref: 02B5D0FD
                                                  • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,?,?,?,?,?,02B5D189,?,00001000,?,00000000,00000400,?,00000000), ref: 02B5D116
                                                  • GetLastError.KERNEL32(?,?,?,02B5D189,?,00001000,?,00000000,00000400,?,00000000,00000400,?,00000000,00000400,00000000), ref: 02B5D120
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Token$CurrentOpenProcessThread$ErrorInformationLast
                                                  • String ID:
                                                  • API String ID: 632756016-0
                                                  • Opcode ID: 3506d12fed9236bc9acbcd56a3e5a1f1c2e184f2cbf255d8203237213838d38d
                                                  • Instruction ID: 763182975ee4fa217bda3d8ccf3942ca98efde1c339f89cf61675311d469c074
                                                  • Opcode Fuzzy Hash: 3506d12fed9236bc9acbcd56a3e5a1f1c2e184f2cbf255d8203237213838d38d
                                                  • Instruction Fuzzy Hash: 32F04475950119BBDB109FA5DD09F9E7B6CEB08691F004555F909D6100E7728A50ABA0

                                                  Control-flow Graph

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free_malloc_memset
                                                  • String ID:
                                                  • API String ID: 2338540524-0
                                                  • Opcode ID: de47b478c9d661f3176be477375d34852ced0efc469a0632ec934fa43b1bc610
                                                  • Instruction ID: dfc7c1da3a09bfbeed42644926d56c7943e4109c30cf3b73a5c95eae4faad11c
                                                  • Opcode Fuzzy Hash: de47b478c9d661f3176be477375d34852ced0efc469a0632ec934fa43b1bc610
                                                  • Instruction Fuzzy Hash: D301263D680705ABD725EF699C00F6B7BF49F00760F20482AE94EEA240E770E5088BD2
                                                  APIs
                                                  • SetLastError.KERNEL32(00000000), ref: 028D400A
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 028D4010
                                                  • _free.LIBCMT ref: 028D4021
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast$_free
                                                  • String ID:
                                                  • API String ID: 3170660625-0
                                                  • Opcode ID: 32e7ccb52add912fa30697dea8ffbe4836274f060cbd6ed7c80b992b631a9aa3
                                                  • Instruction ID: b340349da7e8b8714195df428c7a57d4663792cb2aaeea655e599060edcb02c8
                                                  • Opcode Fuzzy Hash: 32e7ccb52add912fa30697dea8ffbe4836274f060cbd6ed7c80b992b631a9aa3
                                                  • Instruction Fuzzy Hash: 0A21CD7E500109BBDF10AF68CC09EAE37B9EF04310F00446AF918E6541EB71EA58CFA2
                                                  APIs
                                                  • _malloc.LIBCMT ref: 028DA52E
                                                    • Part of subcall function 028E00B0: __FF_MSGBANNER.LIBCMT ref: 028E00C7
                                                    • Part of subcall function 028E00B0: __NMSG_WRITE.LIBCMT ref: 028E00CE
                                                    • Part of subcall function 028E00B0: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,028E9533,?,?,?,00000000,?,028E98AE,00000018,028F5608), ref: 028E00F3
                                                  • _memset.LIBCMT ref: 028DA541
                                                  • CreateMutexW.KERNEL32(00000000,00000000,00000000,028D65C2,00000000,028D7D79), ref: 028DA54C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateCreateHeapMutex_malloc_memset
                                                  • String ID:
                                                  • API String ID: 2746245553-0
                                                  • Opcode ID: 73208656e0ec33ae180957cdb48b27d5fa87a41eb9b6d36c0132668ea7dfe537
                                                  • Instruction ID: ed8c7414b0579210185e2c2e4f4ab586ce2a93a729b92da1665e2e76a93230e9
                                                  • Opcode Fuzzy Hash: 73208656e0ec33ae180957cdb48b27d5fa87a41eb9b6d36c0132668ea7dfe537
                                                  • Instruction Fuzzy Hash: 96D05E7EA016612AD27036AB7C0CF5B5F6CCFC3F20F010419F709E6280DA600941C9E2
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(00000000), ref: 028D67B3
                                                  • GetLastError.KERNEL32 ref: 028D67BF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLastLibraryLoad
                                                  • String ID:
                                                  • API String ID: 3568775529-0
                                                  • Opcode ID: 175316c89cca7355ae013fdb0aed3a723b5dc3b3417d7ccb5feb2153506172d6
                                                  • Instruction ID: 22b2024b2717aaa6b00d56c585aaa62cbb1569b1fb0943b42c6232d998e9e383
                                                  • Opcode Fuzzy Hash: 175316c89cca7355ae013fdb0aed3a723b5dc3b3417d7ccb5feb2153506172d6
                                                  • Instruction Fuzzy Hash: 9A311A7ED0021DBBCF126EA89C40AAEB7BE9F44754F010165E908F7201FB7589185F92
                                                  APIs
                                                  • VirtualProtect.KERNEL32(?,?,00000040,?,028F5468,00000014,028D8071,00000000,-00000030,00000001,00000000,?,028D7E0E,00000000,-00000030), ref: 028D5140
                                                  • VirtualProtect.KERNEL32(?,?,?,?,?,028D7E0E,00000000,-00000030), ref: 028D5170
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  • Opcode ID: 69b2ffa6662ec4d74299532d4b1e78ef1eefe2f1988251f5c961f2974a6bbdd1
                                                  • Instruction ID: 44fd33b4d723943f0b0a4cb37d0d8c6f24aabfa95814a949859b03e2c4b88fa0
                                                  • Opcode Fuzzy Hash: 69b2ffa6662ec4d74299532d4b1e78ef1eefe2f1988251f5c961f2974a6bbdd1
                                                  • Instruction Fuzzy Hash: E3111C7AD40219EEDF619FA4CC05EEE7BB4AF08710F44811AE919E6180E738D614CF61
                                                  APIs
                                                    • Part of subcall function 028DA57D: WaitForSingleObject.KERNEL32(?,000000FF,?,028D4C1A,00000001,00000000,?,028D4BFE,00000000,00000000,028D6978,00000000,00000000,028D7DFF), ref: 028DA58B
                                                  • send.WS2_32(?,?,?,00000000), ref: 028D942C
                                                  • GetLastError.KERNEL32 ref: 028D943C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLastObjectSingleWaitsend
                                                  • String ID:
                                                  • API String ID: 2747804604-0
                                                  • Opcode ID: 1278a463b674ab333a28712ec4c753a399fa7305906c55b84c3e79733296f8c8
                                                  • Instruction ID: 07d18a3206585d0f88c845bf84235ae0914156ac382ad2e0d2230e32f99b58c9
                                                  • Opcode Fuzzy Hash: 1278a463b674ab333a28712ec4c753a399fa7305906c55b84c3e79733296f8c8
                                                  • Instruction Fuzzy Hash: 5001E47A900219EBCB10AFA9D84888ABBA9FF48660B114556F918E7210D771FA648BD0
                                                  APIs
                                                    • Part of subcall function 028DA57D: WaitForSingleObject.KERNEL32(?,000000FF,?,028D4C1A,00000001,00000000,?,028D4BFE,00000000,00000000,028D6978,00000000,00000000,028D7DFF), ref: 028DA58B
                                                  • _free.LIBCMT ref: 028D4C2C
                                                    • Part of subcall function 028E0078: RtlFreeHeap.NTDLL(00000000,00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?), ref: 028E008C
                                                    • Part of subcall function 028E0078: GetLastError.KERNEL32(00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?,?), ref: 028E009E
                                                  • _free.LIBCMT ref: 028D4C4E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLastObjectSingleWait
                                                  • String ID:
                                                  • API String ID: 45870167-0
                                                  • Opcode ID: e4ba919d42999cb3ebabef126494ea2aff1d5c50a59ac53c7ce044c61c998b6e
                                                  • Instruction ID: 40aa3d58c448e57a7dbceb1e853639c3ba84b45f4c39e7ae1519b8c77f1f8274
                                                  • Opcode Fuzzy Hash: e4ba919d42999cb3ebabef126494ea2aff1d5c50a59ac53c7ce044c61c998b6e
                                                  • Instruction Fuzzy Hash: 65F0A73F500605ABDB126B5DDC00B19F779AF52772F258515E41CEB520CB75E8288FE1
                                                  APIs
                                                  • CloseHandle.KERNEL32(C25D5E5F,?,?,028D1370,?), ref: 028DA841
                                                  • _free.LIBCMT ref: 028DA848
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CloseHandle_free
                                                  • String ID:
                                                  • API String ID: 3521661170-0
                                                  APIs
                                                  • CloseHandle.KERNEL32(028DA784,00000000,?,028DA784,?), ref: 028DA5F8
                                                  • _free.LIBCMT ref: 028DA5FF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CloseHandle_free
                                                  • String ID:
                                                  • API String ID: 3521661170-0
                                                  APIs
                                                    • Part of subcall function 028DA593: ReleaseMutex.KERNEL32(00000000,?,028DA56A,00000000,00000000,?,028D65EF,00000000,00000000,028D7D79), ref: 028DA59F
                                                  • CloseHandle.KERNEL32(00000000,00000000,?,028D65EF,00000000,00000000,028D7D79), ref: 028DA56D
                                                  • _free.LIBCMT ref: 028DA574
                                                    • Part of subcall function 028E0078: RtlFreeHeap.NTDLL(00000000,00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?), ref: 028E008C
                                                    • Part of subcall function 028E0078: GetLastError.KERNEL32(00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?,?), ref: 028E009E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CloseErrorFreeHandleHeapLastMutexRelease_free
                                                  • String ID:
                                                  • API String ID: 2515756032-0
                                                  APIs
                                                  • ImpersonateLoggedOnUser.ADVAPI32(00000001,028F5448,00000020,028D11CB,00000000,?,?), ref: 028D139D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ImpersonateLoggedUser
                                                  • String ID:
                                                  • API String ID: 2216092060-0
                                                  APIs
                                                    • Part of subcall function 028DA57D: WaitForSingleObject.KERNEL32(?,000000FF,?,028D4C1A,00000001,00000000,?,028D4BFE,00000000,00000000,028D6978,00000000,00000000,028D7DFF), ref: 028DA58B
                                                  • select.WS2_32(?,?,00000000,00000000,?), ref: 028D8EFE
                                                    • Part of subcall function 028DA593: ReleaseMutex.KERNEL32(00000000,?,028DA56A,00000000,00000000,?,028D65EF,00000000,00000000,028D7D79), ref: 028DA59F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MutexObjectReleaseSingleWaitselect
                                                  • String ID:
                                                  • API String ID: 3242039827-0
                                                  APIs
                                                    • Part of subcall function 02B5409F: GetCurrentDirectoryW.KERNEL32(00008000,?,00000000,?,02B5350A,00000000), ref: 02B540BB
                                                    • Part of subcall function 02B5409F: GetLastError.KERNEL32(?,02B5350A,00000000), ref: 02B540E1
                                                  • _free.LIBCMT ref: 02B53529
                                                    • Part of subcall function 02B79C1A: RtlFreeHeap.NTDLL(00000000,00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?), ref: 02B79C2E
                                                    • Part of subcall function 02B79C1A: GetLastError.KERNEL32(00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?,?), ref: 02B79C40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$CurrentDirectoryFreeHeap_free
                                                  • String ID:
                                                  • API String ID: 1724873633-0
                                                  APIs
                                                  • ResumeThread.KERNEL32(570875FF,?,028D11BE,00000000), ref: 028DA7C7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID:
                                                  • API String ID: 947044025-0
                                                  APIs
                                                  • _calloc.LIBCMT ref: 028DBA14
                                                    • Part of subcall function 028E0911: __calloc_impl.LIBCMT ref: 028E0924
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: __calloc_impl_calloc
                                                  • String ID:
                                                  • API String ID: 2108883976-0
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B58B60
                                                  • _memset.LIBCMT ref: 02B58B6F
                                                  • _calloc.LIBCMT ref: 02B58C18
                                                  • __snprintf.LIBCMT ref: 02B58C4E
                                                  • _mbstowcs.LIBCMT ref: 02B58C6B
                                                  • _calloc.LIBCMT ref: 02B58C81
                                                  • _mbstowcs.LIBCMT ref: 02B58C93
                                                  • _malloc.LIBCMT ref: 02B58CBE
                                                  • _memset.LIBCMT ref: 02B58CE3
                                                  • CreatePipe.KERNEL32(?,?,?,00000000), ref: 02B58D59
                                                  • CreatePipe.KERNEL32(?,?,?,00000000), ref: 02B58D75
                                                  • LoadLibraryA.KERNEL32(kernel32.dll), ref: 02B58E17
                                                  • GetProcAddress.KERNEL32(00000000,InitializeProcThreadAttributeList), ref: 02B58E2C
                                                  • GetProcAddress.KERNEL32(?,UpdateProcThreadAttribute), ref: 02B58E39
                                                  • OpenProcess.KERNEL32(00000000,?,00000000), ref: 02B58E6B
                                                  • GetLastError.KERNEL32(?,00000000), ref: 02B58EBC
                                                  • _wprintf.LIBCMT ref: 02B58EC4
                                                  • GetLastError.KERNEL32(?,00000000), ref: 02B58ECB
                                                  • GetCurrentThread.KERNEL32 ref: 02B58F85
                                                  • OpenThreadToken.ADVAPI32(00000000), ref: 02B58F8C
                                                  • GetCurrentProcess.KERNEL32(000F01FF,?), ref: 02B58F9F
                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 02B58FA6
                                                  • DuplicateTokenEx.ADVAPI32(?,000F01FF,00000000,00000003,00000001,?), ref: 02B58FBE
                                                  • DuplicateTokenEx.ADVAPI32(?,000F01FF,00000000,00000002,00000001,?), ref: 02B58FDA
                                                  • LoadLibraryA.KERNEL32(userenv.dll), ref: 02B58FED
                                                  • GetProcAddress.KERNEL32(00000000,CreateEnvironmentBlock), ref: 02B59000
                                                  • GetProcAddress.KERNEL32(?,DestroyEnvironmentBlock), ref: 02B59011
                                                  • CreateProcessAsUserW.ADVAPI32(?,00000000,?,00000000,00000000,?,00000000,?,00000000,00000044,?), ref: 02B5905C
                                                  • GetLastError.KERNEL32 ref: 02B59070
                                                  • LoadLibraryA.KERNEL32(advapi32.dll), ref: 02B59085
                                                  • GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 02B5909C
                                                  • _mbstowcs.LIBCMT ref: 02B590B4
                                                  • _malloc.LIBCMT ref: 02B590D0
                                                  • _mbstowcs.LIBCMT ref: 02B590DF
                                                  • _mbstowcs.LIBCMT ref: 02B590FA
                                                  • _malloc.LIBCMT ref: 02B59112
                                                  • _mbstowcs.LIBCMT ref: 02B59126
                                                  • GetLastError.KERNEL32 ref: 02B59157
                                                  • FreeLibrary.KERNEL32(00000000), ref: 02B59167
                                                  • _free.LIBCMT ref: 02B59175
                                                  • _free.LIBCMT ref: 02B59180
                                                  • FreeLibrary.KERNEL32(?), ref: 02B591A4
                                                  • LoadLibraryA.KERNEL32(wtsapi32.dll), ref: 02B591C2
                                                  • GetCurrentProcessId.KERNEL32 ref: 02B591E4
                                                  • GetProcAddress.KERNEL32(?,WTSQueryUserToken), ref: 02B59203
                                                  • CreateProcessAsUserW.ADVAPI32(00000000,00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000044,?), ref: 02B59237
                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000044,?), ref: 02B59259
                                                  • GetLastError.KERNEL32 ref: 02B59263
                                                  • FreeLibrary.KERNEL32(?), ref: 02B5926F
                                                  • CloseHandle.KERNEL32(00000000), ref: 02B5927E
                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,00000000,00000000,00000000,00000044,?), ref: 02B592A8
                                                  • ResumeThread.KERNEL32(?), ref: 02B592DB
                                                  • CloseHandle.KERNEL32(?), ref: 02B59332
                                                  • _free.LIBCMT ref: 02B58EE1
                                                    • Part of subcall function 02B79C1A: RtlFreeHeap.NTDLL(00000000,00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?), ref: 02B79C2E
                                                    • Part of subcall function 02B79C1A: GetLastError.KERNEL32(00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?,?), ref: 02B79C40
                                                  • GetLastError.KERNEL32(?,00000000), ref: 02B58F16
                                                  • FreeLibrary.KERNEL32(?,?,00000000), ref: 02B58F34
                                                  • _malloc.LIBCMT ref: 02B58E9E
                                                    • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
                                                    • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
                                                    • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
                                                  • GetLastError.KERNEL32 ref: 02B58EE9
                                                  • CloseHandle.KERNEL32(00000000), ref: 02B59348
                                                  • CloseHandle.KERNEL32(00000000), ref: 02B59357
                                                  • _free.LIBCMT ref: 02B59366
                                                  • _free.LIBCMT ref: 02B59374
                                                  • _free.LIBCMT ref: 02B5937F
                                                  • _free.LIBCMT ref: 02B59394
                                                  • _free.LIBCMT ref: 02B593A3
                                                    • Part of subcall function 02B59768: _strlen.LIBCMT ref: 02B59796
                                                    • Part of subcall function 02B59768: _malloc.LIBCMT ref: 02B597E9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastLibraryProcess_free$AddressCreateProc_mbstowcs$Free_malloc$CloseHandleLoadToken$CurrentOpenThread_memset$DuplicateHeapPipeUser_calloc$AllocateResume__snprintf_strlen_wprintf
                                                  • String ID: %s\%s$CreateEnvironmentBlock$CreateProcessWithTokenW$DestroyEnvironmentBlock$H$InitializeProcThreadAttributeList$UpdateProcThreadAttribute$WTSQueryUserToken$[execute] InitializeProcThreadAttributeList: [%d]$[execute] UpdateProcThreadAttribute: [%d]$advapi32.dll$kernel32.dll$process$userenv.dll$wtsapi32.dll
                                                  • API String ID: 1105026473-4087365128
                                                  APIs
                                                  • _memset.LIBCMT ref: 0654495D
                                                  • _memset.LIBCMT ref: 06544977
                                                    • Part of subcall function 06541308: LoadLibraryA.KERNEL32(kernel32.dll), ref: 06541326
                                                    • Part of subcall function 06541308: GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 06541338
                                                    • Part of subcall function 06541308: FreeLibrary.KERNEL32(00000000), ref: 06541366
                                                  • GetVersionExA.KERNEL32(?), ref: 065449BD
                                                  • GetLastError.KERNEL32 ref: 065449C7
                                                  • GetLastError.KERNEL32 ref: 06544A80
                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 06544A8C
                                                  • _free.LIBCMT ref: 06544A97
                                                  • SetLastError.KERNEL32(00000000), ref: 06544A9E
                                                  • _malloc.LIBCMT ref: 06544AB0
                                                    • Part of subcall function 065458CC: __FF_MSGBANNER.LIBCMT ref: 065458E3
                                                    • Part of subcall function 065458CC: __NMSG_WRITE.LIBCMT ref: 065458EA
                                                    • Part of subcall function 065458CC: HeapAlloc.KERNEL32(00A40000,00000000,00000001,00000000,00000000,00000000,?,06549D21,?,?,?,00000000,?,0654C967,00000018,06559EB0), ref: 0654590F
                                                  • EnumServicesStatusA.ADVAPI32(00000000,00000030,00000001,00000000,?,?,?,00000000), ref: 06544AD0
                                                  • OpenServiceA.ADVAPI32(00000000,?,00000004), ref: 06544AF0
                                                  • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,?), ref: 06544B0E
                                                  • OpenProcess.KERNEL32(0000043A,00000000,?), ref: 06544B30
                                                  • GetCurrentThreadId.KERNEL32 ref: 06544B41
                                                  • __snprintf_s.LIBCMT ref: 06544B5B
                                                  • _strlen.LIBCMT ref: 06544B71
                                                  • VirtualAllocEx.KERNEL32(?,00000000,00000001,00003000,00000004), ref: 06544B7E
                                                  • _strlen.LIBCMT ref: 06544B98
                                                  • WriteProcessMemory.KERNEL32(?,?,?,00000001,00000000), ref: 06544BAD
                                                    • Part of subcall function 06544E73: VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000004,06559CA0,00000010,06544BCF,?,?,?,?,?), ref: 06544EC0
                                                    • Part of subcall function 06544E73: WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 06544ED4
                                                    • Part of subcall function 06544E73: VirtualProtectEx.KERNEL32(?,?,?,00000020,?), ref: 06544EEA
                                                    • Part of subcall function 06544E73: CreateRemoteThread.KERNEL32(?,00000000,00100000,?,00000000,00000000,?), ref: 06544F09
                                                  • WaitForSingleObject.KERNEL32(00000000,00007530,?,?,?,?,?), ref: 06544BDC
                                                  • GetExitCodeThread.KERNEL32(?,?), ref: 06544BEE
                                                  • GetCurrentThread.KERNEL32 ref: 06544C09
                                                  • OpenThreadToken.ADVAPI32(00000000), ref: 06544C10
                                                  • DuplicateToken.ADVAPI32(?,00000002,?), ref: 06544C23
                                                  • CloseServiceHandle.ADVAPI32(?), ref: 06544C45
                                                  • GetHandleInformation.KERNEL32(?,?), ref: 06544C57
                                                  • CloseHandle.KERNEL32(?), ref: 06544C64
                                                  • GetHandleInformation.KERNEL32(?,?), ref: 06544C7A
                                                  • CloseHandle.KERNEL32(?), ref: 06544C88
                                                  • GetHandleInformation.KERNEL32(00000000,?), ref: 06544CA0
                                                  • CloseHandle.KERNEL32(00000000), ref: 06544CAD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Handle$CloseThread$Service$AllocErrorInformationLastOpenProcessVirtual$CurrentLibraryMemoryStatusTokenWrite_memset_strlen$AddressCodeCreateDuplicateEnumExitFreeHeapLoadObjectProcProtectQueryRemoteServicesSingleVersionWait__snprintf_s_free_malloc
                                                  • String ID: /t:0x%08X$SeDebugPrivilege
                                                  • API String ID: 61161659-2625622331
                                                  • Opcode ID: e6ab24f33d58ad661027499032189f89fa9ffeef63fc10f51a0773681631a6c8
                                                  • Instruction ID: fc299f149e3a88576c9de1c25fc7def50c2320f1286455f467537b96175850e2
                                                  • Opcode Fuzzy Hash: e6ab24f33d58ad661027499032189f89fa9ffeef63fc10f51a0773681631a6c8
                                                  • Instruction Fuzzy Hash: 20B16B71E40309AFDB50AFA1DD49BAEBBF9FF04718F1440A9E605E6150EB709948DFA0
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B5E3B0
                                                  • _memset.LIBCMT ref: 02B5E3C7
                                                  • _memset.LIBCMT ref: 02B5E3DE
                                                  • GetKeyState.USER32(00000014), ref: 02B5E3FE
                                                  • GetKeyState.USER32(00000091), ref: 02B5E405
                                                  • GetKeyState.USER32(00000090), ref: 02B5E40C
                                                  • GetKeyboardState.USER32(?), ref: 02B5E415
                                                  • GetForegroundWindow.USER32 ref: 02B5E435
                                                  • GetWindowThreadProcessId.USER32(00000000,?), ref: 02B5E442
                                                  • EnumChildWindows.USER32(00000000,02B5E77D,?), ref: 02B5E458
                                                  • OpenProcess.KERNEL32(00000400,00000000,?), ref: 02B5E467
                                                  • _wcscmp.LIBCMT ref: 02B5E4A1
                                                  • GetSystemTime.KERNEL32(?), ref: 02B5E4B4
                                                  • GetDateFormatW.KERNEL32(00000800,00000002,?,00000000,?,00000200), ref: 02B5E4D4
                                                  • GetTimeFormatW.KERNEL32(00000400,00000008,?,00000000,?,00000200), ref: 02B5E4EF
                                                  • __snwprintf.LIBCMT ref: 02B5E520
                                                  • _memset.LIBCMT ref: 02B5E538
                                                  • __snwprintf.LIBCMT ref: 02B5E549
                                                  • CloseHandle.KERNEL32(00000000), ref: 02B5E552
                                                  • GetAsyncKeyState.USER32(00000011), ref: 02B5E572
                                                  • GetKeyNameTextW.USER32(?,?,00000104), ref: 02B5E5C1
                                                  • __snwprintf.LIBCMT ref: 02B5E5EF
                                                  • ToUnicodeEx.USER32(?,00000000,?,?,00000010,00000000,00000000), ref: 02B5E611
                                                  • GetKeyNameTextW.USER32(00000000,?,00000104), ref: 02B5E632
                                                  • MapVirtualKeyA.USER32(00000090,00000000), ref: 02B5E655
                                                  • __snwprintf.LIBCMT ref: 02B5E6B4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: State$__snwprintf_memset$FormatNameProcessTextTimeWindow$AsyncChildCloseDateEnumForegroundHandleKeyboardOpenSystemThreadUnicodeVirtualWindows_wcscmp
                                                  • String ID: **-[ %s | PID: %d-[ @ %s %s UTC**$%ls$<%ls>$<CR>$<LAlt>$<RAlt>$<Tab>$<^%ls>$<^H>$Logging started
                                                  • API String ID: 2357636918-38646251
                                                  • Opcode ID: bf469cfb2dca63742e913ee15ea7bfd67314dc905b6d3a94cafcf6a205097a59
                                                  • Instruction ID: e901572dde3eba8b59c62f982e1035926bc572c2bea1173e5d3ef191237f6d79
                                                  • Opcode Fuzzy Hash: bf469cfb2dca63742e913ee15ea7bfd67314dc905b6d3a94cafcf6a205097a59
                                                  • Instruction Fuzzy Hash: 8091AF75E50229BFEB109AA4DC85FEA37BCEB08780F0044A5F919E7191EB749B50CF60
                                                  APIs
                                                    • Part of subcall function 028D4BD3: _malloc.LIBCMT ref: 028D4BD6
                                                  • VirtualAllocEx.KERNEL32(?,6B0095F0,00002000,00003000,00000040,00000000,00000000,?), ref: 028D26E1
                                                  • VirtualQueryEx.KERNEL32(?,00000000,00000000,0000001C), ref: 028D26FA
                                                  • _malloc.LIBCMT ref: 028D270B
                                                  • _memset.LIBCMT ref: 028D2724
                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,00000000), ref: 028D2736
                                                  • WriteProcessMemory.KERNEL32(?,?,?,00000012,00000000), ref: 028D2757
                                                  • _free.LIBCMT ref: 028D2766
                                                  • LoadLibraryA.KERNEL32(ntdll), ref: 028D2771
                                                  • GetProcAddress.KERNEL32(00000000,NtQueueApcThread), ref: 028D2788
                                                  • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 028D279D
                                                  • GetLastError.KERNEL32(00000004,00000000), ref: 028D27AB
                                                  • Thread32First.KERNEL32(00000000,0000001C), ref: 028D27BB
                                                  • VirtualAllocEx.KERNEL32(?,00000000,0000012F,00003000,00000040,00000004,00000000), ref: 028D27D5
                                                  • WriteProcessMemory.KERNEL32(?,00000000,028F81B8,00000143,00000000), ref: 028D27F3
                                                  • WriteProcessMemory.KERNEL32(?,?,?,00000014,00000000), ref: 028D2809
                                                  • OpenThread.KERNEL32(001F03FF,00000000,?), ref: 028D2825
                                                  • SuspendThread.KERNEL32(00000000), ref: 028D2832
                                                  • CloseHandle.KERNEL32(00000000), ref: 028D285E
                                                  • Thread32Next.KERNEL32(00000000,0000001C), ref: 028D2869
                                                  • SetLastError.KERNEL32(0000000A,00000000,00000000,?), ref: 028D2876
                                                  • GetLastError.KERNEL32 ref: 028D287C
                                                  • Sleep.KERNEL32(000007D0), ref: 028D28B6
                                                  • ResumeThread.KERNEL32(00000000), ref: 028D28CF
                                                  • CloseHandle.KERNEL32(00000000), ref: 028D28D6
                                                  • CloseHandle.KERNEL32(?), ref: 028D28FB
                                                  • FreeLibrary.KERNEL32(00000002), ref: 028D2909
                                                  • SetLastError.KERNEL32(00000005,00000000,?), ref: 028D2910
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLastMemoryProcessWrite$CloseHandleThreadVirtual$AllocLibraryThread32_malloc$AddressCreateFirstFreeLoadNextOpenProcQueryResumeSleepSnapshotSuspendToolhelp32_free_memset
                                                  • String ID: NtQueueApcThread$ntdll
                                                  • API String ID: 3396850899-1374908105
                                                  • Opcode ID: 805e6c5660d77dcdb099fe9ee096e46bde9ae9e8b5bbfd97bc5e5ba0b6cd64ab
                                                  • Instruction ID: 1f6f75ff391c33b76f0d69dc85e33a286cfa8b7dccad1471f03e9c985dc1e82f
                                                  • Opcode Fuzzy Hash: 805e6c5660d77dcdb099fe9ee096e46bde9ae9e8b5bbfd97bc5e5ba0b6cd64ab
                                                  • Instruction Fuzzy Hash: 5591AE3DD8020AEBEB219FA4DC48FAE7BB9BF44714F140028FA09F7185DB7199158B61
                                                  APIs
                                                  • lstrcmpiW.KERNEL32(?,02B916DC,00000000,00000000), ref: 02B54264
                                                  • GetFileAttributesW.KERNEL32(?), ref: 02B54273
                                                  • SetLastError.KERNEL32(00000000), ref: 02B5428E
                                                  • RemoveDirectoryW.KERNEL32(?), ref: 02B54295
                                                  • GetLastError.KERNEL32 ref: 02B542A8
                                                    • Part of subcall function 02B54226: GetLastError.KERNEL32 ref: 02B54459
                                                    • Part of subcall function 02B54226: FindClose.KERNEL32(?), ref: 02B54464
                                                    • Part of subcall function 02B54226: RemoveDirectoryW.KERNEL32(?), ref: 02B54473
                                                  • lstrlenW.KERNEL32(?), ref: 02B542C0
                                                  • lstrlenW.KERNEL32(\*.*), ref: 02B542C9
                                                  • wsprintfW.USER32 ref: 02B54300
                                                  • FindFirstFileW.KERNEL32(?,?), ref: 02B54313
                                                  • lstrcpyW.KERNEL32(?,?), ref: 02B5432D
                                                  • lstrcmpiW.KERNEL32(?,02B9170C), ref: 02B54359
                                                  • lstrcmpiW.KERNEL32(?,02B916DC), ref: 02B54373
                                                  • lstrlenW.KERNEL32(02B91710), ref: 02B54386
                                                  • lstrlenW.KERNEL32(?), ref: 02B54395
                                                  • lstrlenW.KERNEL32(?), ref: 02B543A4
                                                  • wsprintfW.USER32 ref: 02B543D2
                                                  • SetFileAttributesW.KERNEL32(?,?), ref: 02B543F6
                                                  • RemoveDirectoryW.KERNEL32(?), ref: 02B54410
                                                  • SetFileAttributesW.KERNEL32(?,00000080), ref: 02B54430
                                                  • DeleteFileW.KERNEL32(?), ref: 02B5443D
                                                  • FindNextFileW.KERNEL32(?,?), ref: 02B5444B
                                                  • SetLastError.KERNEL32(00000057,00000000,00000000), ref: 02B5447D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: File$lstrlen$ErrorLast$AttributesDirectoryFindRemovelstrcmpi$wsprintf$CloseDeleteFirstNextlstrcpy
                                                  • String ID: %s*.*$%s\%s$%s\*.*$\*.*
                                                  • API String ID: 3814648168-2895969333
                                                  • Opcode ID: 4f39000b62c68aed6436602d29a77b3e1f93a485c8fc6697775ebfac6ad4ce14
                                                  • Instruction ID: aefa0be93b3e622ed57dcc5d3cc198708d4eef4269369f4046f6614bab491ae4
                                                  • Opcode Fuzzy Hash: 4f39000b62c68aed6436602d29a77b3e1f93a485c8fc6697775ebfac6ad4ce14
                                                  • Instruction Fuzzy Hash: D951C471990236ABDB209FA8DD8CBA9737CEB04785F0849D1F90AE7080EB3196D19F50
                                                  APIs
                                                    • Part of subcall function 065434DD: GetModuleHandleA.KERNEL32(kernel32.dll,IsWow64Process,?,?,?,06543B09), ref: 065434F0
                                                    • Part of subcall function 065434DD: GetProcAddress.KERNEL32(00000000), ref: 065434F7
                                                    • Part of subcall function 065434DD: GetCurrentProcess.KERNEL32(00000000,?,?,?,06543B09), ref: 06543507
                                                  • FindResourceA.KERNEL32(00000066,DLL), ref: 06543B24
                                                  • _calloc.LIBCMT ref: 06543B36
                                                    • Part of subcall function 065450E8: __calloc_impl.LIBCMT ref: 065450FB
                                                    • Part of subcall function 065437AB: SetLastError.KERNEL32(00000057,0000002C,?,06543B44,00000000,?,00000001,00000030), ref: 065437B8
                                                  • FindResourceA.KERNEL32(00000065,DLL), ref: 06543B55
                                                  • _calloc.LIBCMT ref: 06543B64
                                                  • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 06543B89
                                                  • CreateEventA.KERNEL32(00000000,00000000,00000000,00000010), ref: 06543B97
                                                  • LoadResource.KERNEL32(?), ref: 06543BC6
                                                  • SizeofResource.KERNEL32(?), ref: 06543BDE
                                                  • LockResource.KERNEL32(?), ref: 06543BEA
                                                    • Part of subcall function 065436CA: GetCurrentProcess.KERNEL32(00000020,06543BF8,?,?,?,?,?,06543BF8), ref: 065436DC
                                                    • Part of subcall function 065436CA: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,06543BF8), ref: 065436E3
                                                    • Part of subcall function 065436CA: LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 065436F7
                                                    • Part of subcall function 065436CA: AdjustTokenPrivileges.ADVAPI32(06543BF8,00000000,?,00000000,00000000,00000000), ref: 0654371A
                                                    • Part of subcall function 065436CA: GetLastError.KERNEL32(?,?,?,?,06543BF8), ref: 06543724
                                                    • Part of subcall function 065436CA: CloseHandle.KERNEL32(00000000), ref: 06543735
                                                    • Part of subcall function 06543628: EnumProcesses.PSAPI(?,00001000,06543C07,00000000,00000000,?,06543C07), ref: 06543648
                                                    • Part of subcall function 06543628: OpenProcess.KERNEL32(001F0FFF,00000000,?,?,00001000,06543C07,00000000,00000000,?,06543C07), ref: 06543673
                                                    • Part of subcall function 06543628: GetProcessImageFileNameA.PSAPI(00000000,?,00000104,?,06543C07), ref: 0654368C
                                                    • Part of subcall function 06543628: CloseHandle.KERNEL32(00000000,00000000,?,00000104,?,06543C07), ref: 065436AD
                                                  • VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004), ref: 06543C1D
                                                  • WriteProcessMemory.KERNEL32(00000000,00000000,00000000,?,?), ref: 06543C38
                                                  • GetProcessId.KERNEL32(00000000), ref: 06543C59
                                                  • WaitForSingleObject.KERNEL32(00000000,?), ref: 06543C8C
                                                  • ReadProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06543CAB
                                                  • SetEvent.KERNEL32(?), ref: 06543CF4
                                                  • WaitForSingleObject.KERNEL32(00000000,?), ref: 06543D06
                                                  • __snprintf_s.LIBCMT ref: 06543D56
                                                  • __snprintf_s.LIBCMT ref: 06543D90
                                                  • __snprintf_s.LIBCMT ref: 06543DD3
                                                    • Part of subcall function 06543844: _calloc.LIBCMT ref: 06543869
                                                    • Part of subcall function 06543844: ReadProcessMemory.KERNEL32(?,?,00000000,00000000,?,00000000,?,?,00000000,?,?), ref: 0654388B
                                                    • Part of subcall function 06543844: _free.LIBCMT ref: 06543941
                                                  • GetLastError.KERNEL32 ref: 06543E10
                                                  • CloseHandle.KERNEL32(00000000), ref: 06543E29
                                                  • CloseHandle.KERNEL32(?), ref: 06543E33
                                                  • VirtualFreeEx.KERNEL32(?,?,0000002C,00008000), ref: 06543E47
                                                  • CloseHandle.KERNEL32(?), ref: 06543E55
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Process$Handle$CloseResource$ErrorEventLastMemory__snprintf_s_calloc$CreateCurrentFindObjectOpenReadSingleTokenVirtualWait$AddressAdjustAllocEnumFileFreeImageLoadLockLookupModuleNamePrivilegePrivilegesProcProcessesSizeofValueWrite__calloc_impl_free
                                                  • String ID: %02x$:::$DLL
                                                  • API String ID: 3791806021-1940125050
                                                  • Opcode ID: ab1d9aa772ac01833fff42501aed1c75e671302ca0b00fdfe04e36817f30f725
                                                  • Instruction ID: 7c7576f699c21974a633695e3d87794121a908af52fe5bd5d6052d0b5278af02
                                                  • Opcode Fuzzy Hash: ab1d9aa772ac01833fff42501aed1c75e671302ca0b00fdfe04e36817f30f725
                                                  • Instruction Fuzzy Hash: 08B16F71D00216ABDF91AFB5CC48EAE7BB9BF08758F0440A5FA04E7260E7719D51CBA0
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 028D1C5A
                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 028D1C61
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 028D1C89
                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 028D1C9E
                                                  • CloseHandle.KERNEL32(?), ref: 028D1CA7
                                                  • OpenProcess.KERNEL32(0000047A,00000000,?), ref: 028D1CBA
                                                  • GetLastError.KERNEL32 ref: 028D1CC6
                                                  • GetLastError.KERNEL32 ref: 028D1D6D
                                                  • _free.LIBCMT ref: 028D1D81
                                                  • CloseHandle.KERNEL32(00000000), ref: 028D1DA5
                                                  • CloseHandle.KERNEL32(?), ref: 028D1DB3
                                                  • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,00000000), ref: 028D1DE8
                                                  • WriteProcessMemory.KERNEL32(00000000,?,?,?,00000000), ref: 028D1E05
                                                  • WriteProcessMemory.KERNEL32(00000000,?,?,?,00000000), ref: 028D1E22
                                                  • WriteProcessMemory.KERNEL32(00000000,?,?,?,00000000), ref: 028D1E43
                                                  • _free.LIBCMT ref: 028D1E54
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Process$MemoryWrite$CloseHandle$ErrorLastOpenToken_free$AdjustCurrentLookupPrivilegePrivilegesValue
                                                  • String ID: SeDebugPrivilege
                                                  • API String ID: 2387878367-2896544425
                                                  • Opcode ID: 0d5d1c6aa796cef28be3c93c4890703e722b6dbb3c9bed505fd3e9e8a32ade6c
                                                  • Instruction ID: 999c5e683f71368eb6910724cbd6001b31dd03acff1b1da2f8d2c98b2b9eb68d
                                                  • Opcode Fuzzy Hash: 0d5d1c6aa796cef28be3c93c4890703e722b6dbb3c9bed505fd3e9e8a32ade6c
                                                  • Instruction Fuzzy Hash: E6A1387AD00219BFDB119FA5DC48EEEBBB9EF48744F044429FA09F6250DB309914CBA1
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B5E1AE
                                                  • GetKeyState.USER32(00000014), ref: 02B5E1CE
                                                  • GetKeyState.USER32(00000091), ref: 02B5E1D5
                                                  • GetKeyState.USER32(00000090), ref: 02B5E1DC
                                                  • GetKeyboardState.USER32(?), ref: 02B5E1E5
                                                  • GetAsyncKeyState.USER32(00000011), ref: 02B5E21F
                                                  • GetKeyNameTextW.USER32(?,?,00000104), ref: 02B5E270
                                                  • __snwprintf.LIBCMT ref: 02B5E29E
                                                  • ToUnicodeEx.USER32(?,?,?,?,00000010,00000000,00000000), ref: 02B5E2C0
                                                  • GetKeyNameTextW.USER32(00000000,?,00000104), ref: 02B5E2E3
                                                  • MapVirtualKeyA.USER32(00000090,00000000), ref: 02B5E306
                                                  • __snwprintf.LIBCMT ref: 02B5E367
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: State$NameText__snwprintf$AsyncKeyboardUnicodeVirtual_memset
                                                  • String ID: %ls$<%ls>$<CR>$<LAlt>$<RAlt>$<Tab>$<^%ls>$<^H>
                                                  • API String ID: 247964248-3753729705
                                                  • Opcode ID: 9201bf2b5cd234c999b337cbcaa4ba94480684ef79335dd6805f4dbaa68babe7
                                                  • Instruction ID: 1028842e2cfe549da389ee04caa4a6d212eba326577296e561a8433665ec1c25
                                                  • Opcode Fuzzy Hash: 9201bf2b5cd234c999b337cbcaa4ba94480684ef79335dd6805f4dbaa68babe7
                                                  • Instruction Fuzzy Hash: 9741F476E50228BBEB11DAA4DC96FE9336CFB08740F0445AAFD09EB181D771DA54CB50
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B575B8
                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 02B575C6
                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 02B575CD
                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 02B575F5
                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 02B5760A
                                                  • CloseHandle.KERNEL32(?), ref: 02B57613
                                                  • LoadLibraryA.KERNEL32(kernel32), ref: 02B5761E
                                                  • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 02B5763D
                                                  • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 02B57648
                                                  • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 02B57653
                                                  • _wcsstr.LIBCMT ref: 02B576C1
                                                  • CloseHandle.KERNEL32(00000000), ref: 02B576FF
                                                  • FreeLibrary.KERNEL32(00000000), ref: 02B57706
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$CloseHandleLibraryProcessToken$AdjustCurrentFreeLoadLookupOpenPrivilegePrivilegesValue_memset_wcsstr
                                                  • String ID: CreateToolhelp32Snapshot$Process32FirstW$Process32NextW$SeDebugPrivilege$csrss.exe$kernel32
                                                  • API String ID: 4246246601-2225489067
                                                  • Opcode ID: 8b8df134133e6b53daf2258672c2ca7ed7081878ece92ef7590930cdcd311a80
                                                  • Instruction ID: c67af6d6c3b3bef4ba3c6120d83084434fcffe77cb645bc183e8ef08554b3185
                                                  • Opcode Fuzzy Hash: 8b8df134133e6b53daf2258672c2ca7ed7081878ece92ef7590930cdcd311a80
                                                  • Instruction Fuzzy Hash: 3C41B671E00229BBDF119FA9DD48FEEBBB9EF04754F1004A5F908E6150EB718A50AF90
                                                  APIs
                                                    • Part of subcall function 028D54E8: __time64.LIBCMT ref: 028D54F6
                                                    • Part of subcall function 028D54E8: _rand.LIBCMT ref: 028D550F
                                                    • Part of subcall function 028D54E8: _rand.LIBCMT ref: 028D5523
                                                    • Part of subcall function 028D54E8: _rand.LIBCMT ref: 028D5530
                                                    • Part of subcall function 028D54E8: _rand.LIBCMT ref: 028D553D
                                                  • _memcpy_s.LIBCMT ref: 028D5DB1
                                                  • CryptDuplicateKey.ADVAPI32(?,00000000,00000000,?,?,?,?,?,00000001,?,?,028D3FF9,?,?,?,?), ref: 028D5DE1
                                                  • GetLastError.KERNEL32(?,?,?,?,00000001,?,?,028D3FF9,?), ref: 028D5DEB
                                                  • CryptSetKeyParam.ADVAPI32(?,00000004,?,00000000,?,?,?,?,00000001,?,?,028D3FF9,?), ref: 028D5E10
                                                  • CryptGenRandom.ADVAPI32(?,00000010,?,?,?,?,?,00000001,?,?,028D3FF9,?), ref: 028D5E21
                                                  • GetLastError.KERNEL32(?,?,?,?,00000001,?,?,028D3FF9,?), ref: 028D5E31
                                                  • CryptSetKeyParam.ADVAPI32(?,00000001,?,00000000,?,?,?,?,00000001,?,?,028D3FF9,?), ref: 028D5E41
                                                  • GetLastError.KERNEL32(?,?,?,?,00000001,?,?,028D3FF9,?), ref: 028D5E47
                                                  • htonl.WS2_32(00000001), ref: 028D5E4D
                                                  • _memcpy_s.LIBCMT ref: 028D5E8C
                                                  • CryptEncrypt.ADVAPI32(?,00000000,00000001,00000000,-00000010,028D3FF9,?,?,?,?,?,?,?,?,?,?), ref: 028D5EA2
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,?,?,028D3FF9,?), ref: 028D5EAC
                                                  • htonl.WS2_32(-00000018), ref: 028D5EC2
                                                  • _memcpy_s.LIBCMT ref: 028D5ED6
                                                  • _memcpy_s.LIBCMT ref: 028D5EE6
                                                  • _malloc.LIBCMT ref: 028D5E64
                                                    • Part of subcall function 028E00B0: __FF_MSGBANNER.LIBCMT ref: 028E00C7
                                                    • Part of subcall function 028E00B0: __NMSG_WRITE.LIBCMT ref: 028E00CE
                                                    • Part of subcall function 028E00B0: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,028E9533,?,?,?,00000000,?,028E98AE,00000018,028F5608), ref: 028E00F3
                                                  • _malloc.LIBCMT ref: 028D5F0B
                                                  • htonl.WS2_32(00000000), ref: 028D5F1A
                                                  • _memcpy_s.LIBCMT ref: 028D5F29
                                                  • _memcpy_s.LIBCMT ref: 028D5F3B
                                                  • CryptDestroyKey.ADVAPI32(00000000,?,?,?,?,?,?,?,00000001,?,?,028D3FF9,?,?,?), ref: 028D5F67
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Crypt_memcpy_s$ErrorLast_rand$htonl$Param_malloc$AllocateDestroyDuplicateEncryptHeapRandom__time64
                                                  • String ID:
                                                  • API String ID: 2310265568-0
                                                  • Opcode ID: a2238c2d8b3a0e22c2f42fc4fcc7b66e6c94de4c6364c7a0c3f13ce1ccbcab6c
                                                  • Instruction ID: c249d0afeff45a50a9d7d281daf610b04d5b4f20ce45d54c8ad5bc0ea47a281f
                                                  • Opcode Fuzzy Hash: a2238c2d8b3a0e22c2f42fc4fcc7b66e6c94de4c6364c7a0c3f13ce1ccbcab6c
                                                  • Instruction Fuzzy Hash: 44617AB9900208EFDB109FA9CC85FAA3BB9EF48314F504455FA09EB281D775E950CF61
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free$__snprintf$Find$ErrorFileLast_strrchr$CloseFirstNext
                                                  • String ID: %s\%s$%s\*
                                                  • API String ID: 274745109-2848263008
                                                  • Opcode ID: 96c7687bffa0e9cc890948269b60abc92c1e4172921744154d29102715f3d866
                                                  • Instruction ID: 207c0b23f26d2ff4928a9eb0babca85c541936fa9f4862db022a492c3e889a31
                                                  • Opcode Fuzzy Hash: 96c7687bffa0e9cc890948269b60abc92c1e4172921744154d29102715f3d866
                                                  • Instruction Fuzzy Hash: F3411431D4861AEFDB11ABA8CC45F9E77B9FF04394F1400E5F819A7250EB729A409F60
                                                  APIs
                                                  • _memset.LIBCMT ref: 06541C20
                                                  • _calloc.LIBCMT ref: 06541C4D
                                                    • Part of subcall function 065450E8: __calloc_impl.LIBCMT ref: 065450FB
                                                  • swprintf.LIBCMT ref: 06541C6B
                                                  • FindFirstFileW.KERNEL32(00000000,?,?,?,?,?,?,?,0655B0AC,00000000), ref: 06541C7B
                                                  • _wcscmp.LIBCMT ref: 06541CAA
                                                  • _wcscmp.LIBCMT ref: 06541CC5
                                                  • _calloc.LIBCMT ref: 06541CF2
                                                  • swprintf.LIBCMT ref: 06541D12
                                                    • Part of subcall function 06541BFF: _free.LIBCMT ref: 06541D37
                                                  • FindNextFileW.KERNEL32(00000000,00000010,?,?,?,?,?,?,0655B0AC,00000000), ref: 06541D6A
                                                  • FindClose.KERNEL32(00000000,?,?,?,?,?,?,0655B0AC,00000000), ref: 06541D79
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,0655B0AC,00000000), ref: 06541D8A
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,0655B0AC,00000000), ref: 06541D91
                                                  • _free.LIBCMT ref: 06541D96
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Find$ErrorFileLast_calloc_free_wcscmpswprintf$CloseFirstNext__calloc_impl_memset
                                                  • String ID: $%s\%s$%s\*.*
                                                  • API String ID: 147524394-2005348348
                                                  • Opcode ID: d55b9458a304873be49b51acc1c81c14fa5e4677c9613a5ac4de05347a7a3d42
                                                  • Instruction ID: 399615224dae59514f55491f8077d06bae68ecf97e2e868bb858954424494727
                                                  • Opcode Fuzzy Hash: d55b9458a304873be49b51acc1c81c14fa5e4677c9613a5ac4de05347a7a3d42
                                                  • Instruction Fuzzy Hash: BC41E6B2D006196BDFA0BE64CC49AAF3769FF45268F5440E5FD19A7140FA30DA858BA0
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B555B6
                                                  • _calloc.LIBCMT ref: 02B555E3
                                                    • Part of subcall function 02B79BDA: __calloc_impl.LIBCMT ref: 02B79BED
                                                  • swprintf.LIBCMT ref: 02B55601
                                                  • FindFirstFileW.KERNEL32(00000000,?,?,?,?,?,?,00000005,00000000,?), ref: 02B55611
                                                  • _wcscmp.LIBCMT ref: 02B5564B
                                                  • _wcscmp.LIBCMT ref: 02B55662
                                                  • _calloc.LIBCMT ref: 02B5568E
                                                  • swprintf.LIBCMT ref: 02B556AF
                                                    • Part of subcall function 02B55590: _free.LIBCMT ref: 02B556C6
                                                  • FindNextFileW.KERNEL32(00000000,00000010,?,?,?,?,?,00000005,00000000,?), ref: 02B556D9
                                                  • FindClose.KERNEL32(00000000,?,?,?,?,?,00000005,00000000,?), ref: 02B556E8
                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000005,00000000,?), ref: 02B55719
                                                  • GetLastError.KERNEL32(?,?,?,?,?,00000005,00000000,?), ref: 02B55720
                                                  • _free.LIBCMT ref: 02B55725
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Find$ErrorFileLast_calloc_free_wcscmpswprintf$CloseFirstNext__calloc_impl_memset
                                                  • String ID: $%s\%s$%s\*.*
                                                  • API String ID: 147524394-2005348348
                                                  • Opcode ID: d6f0f2144eca9fc620d38aa42c5853934a67670c263ce1a80eebca2cafabc0d1
                                                  • Instruction ID: 2460e2e84c24ff994d4b65e35310a73eff2db4fb930a7ee6cee90bb90381e5ef
                                                  • Opcode Fuzzy Hash: d6f0f2144eca9fc620d38aa42c5853934a67670c263ce1a80eebca2cafabc0d1
                                                  • Instruction Fuzzy Hash: 2E41D472D00229AFEF20AE648C85BAE37A9EB04355F5404E5FC18EB240E7759E509F90
                                                  APIs
                                                  • _malloc.LIBCMT ref: 02B568CF
                                                  • _memset.LIBCMT ref: 02B568E2
                                                  • _strlen.LIBCMT ref: 02B56923
                                                  • WSASocketA.WS2_32(00000017,00000001,00000006,00000000,00000000,00000000), ref: 02B56954
                                                  • WSASocketA.WS2_32(00000002,00000001,00000006,00000000,00000000,00000000), ref: 02B569A2
                                                  • WSAGetLastError.WS2_32 ref: 02B569B4
                                                  • closesocket.WS2_32(?), ref: 02B56B77
                                                  • _free.LIBCMT ref: 02B56B97
                                                    • Part of subcall function 02B79C1A: RtlFreeHeap.NTDLL(00000000,00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?), ref: 02B79C2E
                                                    • Part of subcall function 02B79C1A: GetLastError.KERNEL32(00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?,?), ref: 02B79C40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastSocket$FreeHeap_free_malloc_memset_strlenclosesocket
                                                  • String ID:
                                                  • API String ID: 3784971815-0
                                                  • Opcode ID: 52633cfbe1428e9aadbd7838ebc1916dd8b47ca2f4bbad6547faede28f140d94
                                                  • Instruction ID: 5afd981cb5434ac9ba2f1dcb4f1af4d35eab8d7284b71813125b547c1921b393
                                                  • Opcode Fuzzy Hash: 52633cfbe1428e9aadbd7838ebc1916dd8b47ca2f4bbad6547faede28f140d94
                                                  • Instruction Fuzzy Hash: 7891F171D40229BFDB109F64C845FAEB7B9FF08760F5446A5FE28AB290D7719C508B90
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B57DAC
                                                  • GetThreadContext.KERNEL32(?,00010002), ref: 02B57DC8
                                                  • GetModuleHandleA.KERNEL32(NTDLL,NtUnmapViewOfSection), ref: 02B57DE8
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B57DEF
                                                  • SetLastError.KERNEL32(000001E7), ref: 02B57E05
                                                  • SetThreadContext.KERNEL32(?,00010002), ref: 02B57E28
                                                  • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 02B57E43
                                                  • GetModuleHandleA.KERNEL32(NTDLL,NtQueryInformationProcess), ref: 02B57E5E
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B57E65
                                                  • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 02B57E94
                                                  • WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 02B57EA6
                                                  • WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 02B57EE7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessWrite$AddressContextHandleModuleProcThread$AllocErrorLastVirtual_memset
                                                  • String ID: NTDLL$NtQueryInformationProcess$NtUnmapViewOfSection
                                                  • API String ID: 4170647574-1843492446
                                                  • Opcode ID: 3cd7e3f827f66e857f7e7c7f937d8918fd4e7583d4b8de109de338584087d386
                                                  • Instruction ID: 4d25166c9d11d562bb4c69157b7daba3bc7690a540c089c1779885f68cc6be96
                                                  • Opcode Fuzzy Hash: 3cd7e3f827f66e857f7e7c7f937d8918fd4e7583d4b8de109de338584087d386
                                                  • Instruction Fuzzy Hash: 19417F71A40327BBDB12DFA5CD49BAAB7B8EF04345F104495F909AB180EB70E960EF54
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B5F3F5
                                                  • GetProcAddress.KERNEL32(?,?), ref: 02B5F425
                                                  • _malloc.LIBCMT ref: 02B5F3E7
                                                    • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
                                                    • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
                                                    • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
                                                  • LoadLibraryA.KERNEL32(?,02B99210,0000002C,02B5EDD0,?,?), ref: 02B5F402
                                                  • GetLastError.KERNEL32 ref: 02B5F40F
                                                  • _malloc.LIBCMT ref: 02B5F444
                                                  • SetLastError.KERNEL32(00000000), ref: 02B5F4DD
                                                  • GetLastError.KERNEL32 ref: 02B5FE9A
                                                  • FormatMessageA.KERNEL32(00001B00,?,00000000,00000000,?,00000000,00000000), ref: 02B5FEB2
                                                  • _free.LIBCMT ref: 02B5FECB
                                                  • SetLastError.KERNEL32(00000057,02B99210,0000002C,02B5EDD0,?,?), ref: 02B5FED2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$_malloc$AddressAllocateFormatHeapLibraryLoadMessageProc_free_memset
                                                  • String ID: cdecl
                                                  • API String ID: 477308659-3896280584
                                                  • Opcode ID: eebd9d1be82157904f2062536a4e9a758b35f11447b515968cd1f467cedf6442
                                                  • Instruction ID: 04c52743b3e1d614029a2dce29d693eb1eb81ccf136045154d0f92ea21b9846a
                                                  • Opcode Fuzzy Hash: eebd9d1be82157904f2062536a4e9a758b35f11447b515968cd1f467cedf6442
                                                  • Instruction Fuzzy Hash: 8F82DD36400A15EFCB325FA5CA04DAAFBB2FF0D7117548A5CE6AA55930C332E465EF41
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B5EB20
                                                  • ExpandEnvironmentStringsA.KERNEL32(%TEMP%\hook.dll,?,000003FF,?,00000000,00000000), ref: 02B5EB39
                                                  • FindResourceA.KERNEL32(00000065,IMG), ref: 02B5EB4C
                                                  • LoadResource.KERNEL32(00000000,?,00000000,00000000), ref: 02B5EB63
                                                  • LockResource.KERNEL32(00000000,?,00000000,00000000), ref: 02B5EB6A
                                                  • SizeofResource.KERNEL32(00000000,?,00000000,00000000), ref: 02B5EB7A
                                                  • DeleteFileA.KERNEL32(?,?,00000000,00000000), ref: 02B5EB8A
                                                  • GetFileAttributesA.KERNEL32(?,?,00000000,00000000), ref: 02B5EB97
                                                  • LoadLibraryA.KERNEL32(?,?,00000000,00000000), ref: 02B5EBE3
                                                    • Part of subcall function 02B7CB80: __fsopen.LIBCMT ref: 02B7CB8B
                                                  • GetLastError.KERNEL32(?,00000000,00000000), ref: 02B5EBD4
                                                  • GetLastError.KERNEL32(?,00000000,00000000), ref: 02B5EBF2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Resource$ErrorFileLastLoad$AttributesDeleteEnvironmentExpandFindLibraryLockSizeofStrings__fsopen_memset
                                                  • String ID: %TEMP%\hook.dll$IMG
                                                  • API String ID: 934986003-3642725959
                                                  • Opcode ID: 97830c649ce9e2c17c4417728ba6abefc45656c2c61dd0265725edd647113dad
                                                  • Instruction ID: 1bb95188eb1460120f454163834181d2a4659d1956daffda3fb8f8fc414e7434
                                                  • Opcode Fuzzy Hash: 97830c649ce9e2c17c4417728ba6abefc45656c2c61dd0265725edd647113dad
                                                  • Instruction Fuzzy Hash: CA21FB76C402157BDB10ABA8EE4DE8A7B7DEB44791F0005A5FA09F3150EF7185609F60
                                                  APIs
                                                  • GetCurrentProcessId.KERNEL32 ref: 02B5D5D6
                                                  • GetCurrentProcessId.KERNEL32 ref: 02B5D626
                                                  • OpenWindowStationA.USER32(?,00000000,0000037F), ref: 02B5D648
                                                  • RevertToSelf.ADVAPI32 ref: 02B5D654
                                                  • OpenWindowStationA.USER32(?,00000000,0000037F), ref: 02B5D667
                                                  • CloseDesktop.USER32(?), ref: 02B5D703
                                                  • CloseWindowStation.USER32(00000000), ref: 02B5D70E
                                                  • SetProcessWindowStation.USER32(?), ref: 02B5D71C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: StationWindow$Process$CloseCurrentOpen$DesktopRevertSelf
                                                  • String ID:
                                                  • API String ID: 3332180221-0
                                                  • Opcode ID: f9a603217fbb1626218ec297d4bfad011d39c7134aa850f7460d14304efb2506
                                                  • Instruction ID: 1d8ecd46583b69042e5525df68c0bf1947c2e22ec401ad763dad2ddda76cb984
                                                  • Opcode Fuzzy Hash: f9a603217fbb1626218ec297d4bfad011d39c7134aa850f7460d14304efb2506
                                                  • Instruction Fuzzy Hash: 8851BB35E44317AFDB109FB8A849B6E7BB8FF04794F1445A9FD08EB280DB7085119B50
                                                  APIs
                                                  • _malloc.LIBCMT ref: 02B57011
                                                  • _memset.LIBCMT ref: 02B57021
                                                  • inet_addr.WS2_32(00000000), ref: 02B57091
                                                  • inet_addr.WS2_32(00000000), ref: 02B570B2
                                                  • WSASocketA.WS2_32(00000002,00000002,00000011,00000000,00000000,00000000), ref: 02B570C1
                                                  • WSAGetLastError.WS2_32 ref: 02B570CF
                                                  • closesocket.WS2_32(?), ref: 02B571C5
                                                  • _free.LIBCMT ref: 02B571E5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: inet_addr$ErrorLastSocket_free_malloc_memsetclosesocket
                                                  • String ID:
                                                  • API String ID: 3450902294-0
                                                  • Opcode ID: 7599548a271667a7edf41b84cb4dcacbdb21fecf99ec4b36254c8440a497be46
                                                  • Instruction ID: 2c32297a97af1a2986810bb252b85d0d2ac8ca3991c318803814951a71f5d62f
                                                  • Opcode Fuzzy Hash: 7599548a271667a7edf41b84cb4dcacbdb21fecf99ec4b36254c8440a497be46
                                                  • Instruction Fuzzy Hash: F3612371A00606AFCB109F68DC48FAABBB9FF08360F144295FD089B650DB719960DF90
                                                  APIs
                                                  • _memset.LIBCMT ref: 028D2B8F
                                                  • GetVersionExW.KERNEL32(00000114,?,?,00000000), ref: 028D2BA8
                                                  • GetLastError.KERNEL32(?,?,00000000), ref: 028D2BB2
                                                  • SetLastError.KERNEL32(00000005,?,?,00000000), ref: 028D2BD3
                                                  • VirtualAlloc.KERNEL32(00000000,00000051,00003000,00000040,00000000,00000000,?,?,00000000), ref: 028D2BEF
                                                  • GetLastError.KERNEL32(?,?,00000000), ref: 028D2BF8
                                                  • VirtualAlloc.KERNEL32(00000000,00000148,00003000,00000040,?,?,00000000), ref: 028D2C0F
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 028D2C17
                                                  • VirtualFree.KERNEL32(?,00000000,00004000,?,?,?,?,?,?,?,?,00000000), ref: 028D2C90
                                                  • VirtualFree.KERNEL32(00000000,00000000,00004000,?,?,?,?,?,?,?,?,00000000), ref: 028D2C9E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLastVirtual$AllocFree$Version_memset
                                                  • String ID:
                                                  • API String ID: 1729307151-0
                                                  • Opcode ID: e3764c65595db21643f2c93fcfbdab316858a3b61ca6f23841fa63157465a6aa
                                                  • Instruction ID: 99b45ed1bc8b54decad577830ea795e74fd4dbd13637aae8f5b14410b6c6a560
                                                  • Opcode Fuzzy Hash: e3764c65595db21643f2c93fcfbdab316858a3b61ca6f23841fa63157465a6aa
                                                  • Instruction Fuzzy Hash: 8731D43CA40208EBEB609F658C86F9973A8EB44B55F000855FF0DFB285D7B09D548A95
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 02B5CC9F
                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 02B5CCA6
                                                  • GetLastError.KERNEL32 ref: 02B5CCB0
                                                  • _memset.LIBCMT ref: 02B5CCC3
                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 02B5CCD1
                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 02B5CCF0
                                                  • GetLastError.KERNEL32 ref: 02B5CCFA
                                                  • CloseHandle.KERNEL32(00000000), ref: 02B5CD30
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue_memset
                                                  • String ID: SeAssignPrimaryTokenPrivilege$SeDebugPrivilege$SeShutdownPrivilege
                                                  • API String ID: 2246033915-1970400579
                                                  • Opcode ID: bda2c5c46ee13a6da248ebb07eac962e59ee8fadf32795465b276294a4e07f5e
                                                  • Instruction ID: 569f9e129641536b89903f4031311c9ff4f22924553b26601fade9194ddb2809
                                                  • Opcode Fuzzy Hash: bda2c5c46ee13a6da248ebb07eac962e59ee8fadf32795465b276294a4e07f5e
                                                  • Instruction Fuzzy Hash: 8051ECB2E11229ABCF10CF95DA49A9EBFB5FF45348F1040E9E9086B210C7314A59DF94
                                                  APIs
                                                  • swprintf.LIBCMT ref: 06541B32
                                                  • FindFirstFileW.KERNEL32(?,?,00000000,?,06541D59,065418FE), ref: 06541B48
                                                  • _wcscmp.LIBCMT ref: 06541B65
                                                  • _wcscmp.LIBCMT ref: 06541B7C
                                                  • CreateFileW.KERNEL32(?,00000180,00000000,00000000,00000003,00000000,00000000,?,06541D59,065418FE), ref: 06541B9D
                                                  • CloseHandle.KERNEL32(?), ref: 06541BC2
                                                  • FindNextFileW.KERNEL32(00000000,?,?,06541D59,065418FE,?,?,?,?,?,?,?,?,?,?,0655B0AC), ref: 06541BD0
                                                  • FindClose.KERNEL32(00000000,?,06541D59,065418FE,?,?,?,?,?,?,?,?,?,?,0655B0AC,00000000), ref: 06541BDF
                                                  • GetLastError.KERNEL32(?,06541D59,065418FE,?,?,?,?,?,?,?,?,?,?,0655B0AC,00000000), ref: 06541BF4
                                                  • GetLastError.KERNEL32(?,06541D59,065418FE,?,?,?,?,?,?,?,?,?,?,0655B0AC,00000000), ref: 06541BFB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: FileFind$CloseErrorLast_wcscmp$CreateFirstHandleNextswprintf
                                                  • String ID: %s\*
                                                  • API String ID: 1431270537-766152087
                                                  • Opcode ID: 1d54275c02e40db63ec30b13c70b69a20cb5e69c730b1c4ee67bcf65cb157aab
                                                  • Instruction ID: 7e1553bbd55aa9533e45287066d50438aaee7049d671145cc9f543ddb144e154
                                                  • Opcode Fuzzy Hash: 1d54275c02e40db63ec30b13c70b69a20cb5e69c730b1c4ee67bcf65cb157aab
                                                  • Instruction Fuzzy Hash: 4121AD31A40709B7DBA0BEB4DC5DFAA77ACFF45218F5004D2FA05D6190FA70E6888E64
                                                  APIs
                                                  • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,028D1E76), ref: 028D2A19
                                                    • Part of subcall function 028DFBE9: _memset.LIBCMT ref: 028DFC00
                                                    • Part of subcall function 028DFBE9: GetModuleHandleA.KERNEL32(ntdll.dll,RtlGetVersion), ref: 028DFC1C
                                                    • Part of subcall function 028DFBE9: GetProcAddress.KERNEL32(00000000), ref: 028DFC23
                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,028D1E76), ref: 028D2A54
                                                  • GetLastError.KERNEL32(?,028D1E76), ref: 028D2A61
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AddressCreateErrorEventHandleHeapLastModuleProcProcess_memset
                                                  • String ID:
                                                  • API String ID: 975075937-0
                                                  • Opcode ID: f0a61e6369d8e2a856b4a5573493b6eb4e7314c0a899c9b97128274caf37a33c
                                                  • Instruction ID: 4109f1317b2242502ffde023764f3452623135bf048006fe12c9af658420f7b6
                                                  • Opcode Fuzzy Hash: f0a61e6369d8e2a856b4a5573493b6eb4e7314c0a899c9b97128274caf37a33c
                                                  • Instruction Fuzzy Hash: 6841A33DA4020AEBEB219FA5CC49FAF7B78EB84755F000019FE09E61C5D7748965CBA1
                                                  APIs
                                                  • NtdllDefWindowProc_A.NTDLL(?,?,?,?), ref: 02B5E08C
                                                  • _free.LIBCMT ref: 02B5E0A4
                                                  • DestroyWindow.USER32(?), ref: 02B5E0B2
                                                  • UnregisterClassA.USER32(klwClass), ref: 02B5E0C3
                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 02B5E118
                                                  • HeapAlloc.KERNEL32(00000000), ref: 02B5E11F
                                                  • DestroyWindow.USER32(?), ref: 02B5E16C
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02B5E175
                                                  • HeapFree.KERNEL32(00000000), ref: 02B5E17C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Heap$Window$DestroyProcess$AllocClassFreeNtdllProc_Unregister_free
                                                  • String ID: klwClass
                                                  • API String ID: 850854976-1480243690
                                                  • Opcode ID: 4a56e3c01785aff800c7fc09536972c6248bbfc04eb6b0d45515c7111fca01a7
                                                  • Instruction ID: 25af2ee8da1d13cd3afab0e63c6e6030823926095b4a22ebd3348238ccd77a69
                                                  • Opcode Fuzzy Hash: 4a56e3c01785aff800c7fc09536972c6248bbfc04eb6b0d45515c7111fca01a7
                                                  • Instruction Fuzzy Hash: B231D572850215FBDB249FA4EC0EBAA3BB8FF08761F044A45FA59DA090D771C660DB20
                                                  APIs
                                                  • GetLastError.KERNEL32 ref: 02B53BCE
                                                  • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 02B53BE8
                                                  • CryptCreateHash.ADVAPI32(?,?,00000000,00000000,?), ref: 02B53BFE
                                                  • __fread_nolock.LIBCMT ref: 02B53C19
                                                  • CryptGetHashParam.ADVAPI32(?,00000004,?,?,00000000), ref: 02B53C41
                                                  • GetLastError.KERNEL32 ref: 02B53C53
                                                  • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 02B53C69
                                                  • GetLastError.KERNEL32 ref: 02B53C6F
                                                  • CryptDestroyHash.ADVAPI32(00000000), ref: 02B53CB8
                                                  • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 02B53CC8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Crypt$Hash$ErrorLast$ContextParam$AcquireCreateDestroyRelease__fread_nolock
                                                  • String ID:
                                                  • API String ID: 4037101446-0
                                                  • Opcode ID: 00b975d7178ad397c401c586e5264207934dda9e49bf443eb37ca3e2486fc77d
                                                  • Instruction ID: 0598e298aec2b3c2706a34b806aa9315672e001303d08a4497d8ed8ded2b2fc8
                                                  • Opcode Fuzzy Hash: 00b975d7178ad397c401c586e5264207934dda9e49bf443eb37ca3e2486fc77d
                                                  • Instruction Fuzzy Hash: 16417B71D0021AEFDB219B95DD49FAEBBB9EF44380F0044D5FA08A7250D7719A94DB60
                                                  APIs
                                                  • swprintf.LIBCMT ref: 02B554AC
                                                  • FindFirstFileW.KERNEL32(?,?,?,02B55705,?,00000000,?,?,?,?,?,?,00000005,00000000,?), ref: 02B554C2
                                                  • _wcscmp.LIBCMT ref: 02B554DF
                                                  • _wcscmp.LIBCMT ref: 02B554F6
                                                    • Part of subcall function 02B5490F: __aulldiv.LIBCMT ref: 02B5492C
                                                  • FindNextFileW.KERNEL32(00000000,?,?,02B55705,?,00000000,?,?,?,?,?,?,00000005,00000000,?), ref: 02B55562
                                                  • FindClose.KERNEL32(00000000,?,02B55705,?,00000000,?,?,?,?,?,?,00000005,00000000,?), ref: 02B55571
                                                  • GetLastError.KERNEL32(?,02B55705,?,00000000,?,?,?,?,?,?,00000005,00000000,?), ref: 02B55585
                                                  • GetLastError.KERNEL32(?,02B55705,?,00000000,?,?,?,?,?,?,00000005,00000000,?), ref: 02B5558C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Find$ErrorFileLast_wcscmp$CloseFirstNext__aulldivswprintf
                                                  • String ID: %s\%s
                                                  • API String ID: 3117735492-4073750446
                                                  • Opcode ID: a46d91b3318b55fe241862f19be2f828b525fbe87d56c9c9bec319b418972bab
                                                  • Instruction ID: c0fac4a1f15730f618bb92e84e428c2d35ee20c36c2595703c232dfafcd48acc
                                                  • Opcode Fuzzy Hash: a46d91b3318b55fe241862f19be2f828b525fbe87d56c9c9bec319b418972bab
                                                  • Instruction Fuzzy Hash: 3021E97180022AABDF316A68EC48BDE77BAFF04362F4402E6F91895050E77496D0DF90
                                                  APIs
                                                  • _malloc.LIBCMT ref: 0654252F
                                                    • Part of subcall function 065458CC: __FF_MSGBANNER.LIBCMT ref: 065458E3
                                                    • Part of subcall function 065458CC: __NMSG_WRITE.LIBCMT ref: 065458EA
                                                    • Part of subcall function 065458CC: HeapAlloc.KERNEL32(00A40000,00000000,00000001,00000000,00000000,00000000,?,06549D21,?,?,?,00000000,?,0654C967,00000018,06559EB0), ref: 0654590F
                                                  • __snprintf_s.LIBCMT ref: 0654255C
                                                  • RpcBindingFree.RPCRT4(00000000), ref: 065425F8
                                                  • _free.LIBCMT ref: 06542606
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AllocBindingFreeHeap__snprintf_s_free_malloc
                                                  • String ID: \\localhost/pipe/%s/\%s\%s$\pipe\lsarpc$localhost
                                                  • API String ID: 432886685-28946181
                                                  • Opcode ID: b9682b18e8c2db8af9a69593a1aa3fda7b4e75cc1326d196686e1ff12c783412
                                                  • Instruction ID: e76b6ab87e236e5fe85ec86db356465d04769d5ea1d2c4c6e67dcba8ce265b7f
                                                  • Opcode Fuzzy Hash: b9682b18e8c2db8af9a69593a1aa3fda7b4e75cc1326d196686e1ff12c783412
                                                  • Instruction Fuzzy Hash: 3821F5B1D04326ABCFD0BFB49C559EE3B64BF04338F144695F531AA1D4EB318A50DA60
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B511C2
                                                  • GetLogicalDriveStringsA.KERNEL32(00000069,?), ref: 02B511D3
                                                  • GetLastError.KERNEL32 ref: 02B511DD
                                                  • GetDriveTypeA.KERNEL32(?), ref: 02B51209
                                                  • WNetGetUniversalNameA.MPR(?,00000001,?,?), ref: 02B5124A
                                                  • _malloc.LIBCMT ref: 02B5125B
                                                  • WNetGetUniversalNameA.MPR(?,00000001,00000000,?), ref: 02B5126B
                                                  • _free.LIBCMT ref: 02B51292
                                                  • GetDiskFreeSpaceExA.KERNEL32(?,?,?,?), ref: 02B512A5
                                                  • _strlen.LIBCMT ref: 02B51304
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: DriveNameUniversal$DiskErrorFreeLastLogicalSpaceStringsType_free_malloc_memset_strlen
                                                  • String ID:
                                                  • API String ID: 3884170412-0
                                                  • Opcode ID: bcb091d8943ebaedfe1048c5f9b2154b96131f369d58e62a05629362946cc373
                                                  • Instruction ID: 595495adc8a5ca014020013a2ddbf65e3818c3cfff7e15294bc5de03299eaab0
                                                  • Opcode Fuzzy Hash: bcb091d8943ebaedfe1048c5f9b2154b96131f369d58e62a05629362946cc373
                                                  • Instruction Fuzzy Hash: 60418275D50219AFDB119FA8DC45EAE7B7AFF08340F040495FE48E7201D7B699548F90
                                                  APIs
                                                  • CoInitialize.OLE32(00000000), ref: 02B60BB3
                                                  • CoCreateInstance.COMBASE(02B928D4,00000000,00000003,02B92924,?), ref: 02B60BCA
                                                  • VariantInit.OLEAUT32(?), ref: 02B60C50
                                                  • _mbstowcs_s.LIBCMT ref: 02B60C8B
                                                  • VariantClear.OLEAUT32(?), ref: 02B60CAC
                                                  • GetLastError.KERNEL32 ref: 02B60CD1
                                                  • CoUninitialize.COMBASE ref: 02B60CEA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Variant$ClearCreateErrorInitInitializeInstanceLastUninitialize_mbstowcs_s
                                                  • String ID: FriendlyName
                                                  • API String ID: 3888340987-3623505368
                                                  • Opcode ID: 4305c61824209265049092541c39fae5e86a8d40d8b3479196e987e7c6ac0ff5
                                                  • Instruction ID: 30f489a6b118c59a75463ba881e0dd6abdfc475c04df5e8359332ffd97b70624
                                                  • Opcode Fuzzy Hash: 4305c61824209265049092541c39fae5e86a8d40d8b3479196e987e7c6ac0ff5
                                                  • Instruction Fuzzy Hash: CD418F71E01209BFDB10DBA5D888DAEBBBDFF48754B004599F905E7210D775AE05CBA0
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 02B5C13D
                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 02B5C144
                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 02B5C158
                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 02B5C17B
                                                  • ExitWindowsEx.USER32(00000000,00000000), ref: 02B5C187
                                                  • GetLastError.KERNEL32 ref: 02B5C191
                                                  • CloseHandle.KERNEL32(00000000), ref: 02B5C1B7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ProcessToken$AdjustCloseCurrentErrorExitHandleLastLookupOpenPrivilegePrivilegesValueWindows
                                                  • String ID: SeShutdownPrivilege
                                                  • API String ID: 3672536310-3733053543
                                                  • Opcode ID: 7cf8aca650bc902ab6b29f53478073d3abcfe3f97d458f2cde94caed353ff2be
                                                  • Instruction ID: dbeb6e1084b233b79cb32f8a842edf9761908f67f63bf7b26d939cdbee548175
                                                  • Opcode Fuzzy Hash: 7cf8aca650bc902ab6b29f53478073d3abcfe3f97d458f2cde94caed353ff2be
                                                  • Instruction Fuzzy Hash: A9218B34A10219BFDB119FA8D849FAE7FB9FF08285F1044A5FD09E7100D7718A60DB90
                                                  APIs
                                                  • __snprintf_s.LIBCMT ref: 06542638
                                                    • Part of subcall function 06545160: __vsnwprintf_s_l.LIBCMT ref: 06545175
                                                  • RpcStringBindingComposeW.RPCRT4(06555BCC,ncacn_np,?,06555BD0,00000000,06555BCC), ref: 06542658
                                                  • DceErrorInqTextA.RPCRT4(00000000,?), ref: 0654266A
                                                  • RpcBindingFromStringBindingW.RPCRT4(06555BCC,?), ref: 0654267B
                                                  • RpcStringFreeW.RPCRT4(06555BCC), ref: 06542689
                                                  • RpcBindingSetAuthInfoW.RPCRT4(?,06542577,00000006,00000009,00000000,00000000), ref: 0654269F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Binding$String$AuthComposeErrorFreeFromInfoText__snprintf_s__vsnwprintf_s_l
                                                  • String ID: \\%s$ncacn_np
                                                  • API String ID: 312306591-3858430495
                                                  • Opcode ID: 92173c8aa3996692e6750094e42439ed4dde6cc99a1cc1b7d77f54bb521b67b9
                                                  • Instruction ID: c5fe853a5913054ab35ac360a61f8401d07fb02cb84daa943073fd57feec22ee
                                                  • Opcode Fuzzy Hash: 92173c8aa3996692e6750094e42439ed4dde6cc99a1cc1b7d77f54bb521b67b9
                                                  • Instruction Fuzzy Hash: 16113C71A4021DBBEB11EEA0DC19EEE7B7DFB04704F400594BA15E2090FB709B549B90
                                                  APIs
                                                  • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,759222C0), ref: 028D7AA6
                                                  • SetEntriesInAclW.ADVAPI32(00000001,?,00000000,?,?), ref: 028D7AEA
                                                  • AllocateAndInitializeSid.ADVAPI32(?,00000001,00001000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,028D7C4D), ref: 028D7B12
                                                  • LocalAlloc.KERNEL32(00000040,00000100), ref: 028D7B22
                                                  • InitializeAcl.ADVAPI32(00000000,00000100,00000004), ref: 028D7B2A
                                                    • Part of subcall function 028D770E: LoadLibraryA.KERNEL32(advapi32.dll,?,028D7B40,00000000,00000004,00000004,00000000,028D7C4D), ref: 028D7729
                                                    • Part of subcall function 028D770E: GetProcAddress.KERNEL32(00000000,AddMandatoryAce), ref: 028D7739
                                                  • LocalAlloc.KERNEL32(00000040,00000014,00000000,00000004,00000004,00000000,028D7C4D), ref: 028D7B44
                                                  • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 028D7B4B
                                                  • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 028D7B58
                                                  • SetSecurityDescriptorSacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 028D7B63
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Initialize$DescriptorSecurity$AllocAllocateLocal$AddressDaclEntriesLibraryLoadProcSacl
                                                  • String ID:
                                                  • API String ID: 2917215309-0
                                                  • Opcode ID: c42b50a62e59b72085820cd6ce9d2d777683bcfe04c080423bfd1d258e52382e
                                                  • Instruction ID: 3f87eead3bb1bceee47b7451f49eedab3d3c5bbf9e43853f3dc56ef31c0518ed
                                                  • Opcode Fuzzy Hash: c42b50a62e59b72085820cd6ce9d2d777683bcfe04c080423bfd1d258e52382e
                                                  • Instruction Fuzzy Hash: 8531E4B5D4020CBEEB10DF94DC85FEEBBBCEB48754F10406AF608B6280D7B55A458BA5
                                                  APIs
                                                  • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,00000000,?,06542071,00000000), ref: 06544649
                                                  • GetLastError.KERNEL32(?,06542071,00000000), ref: 06544655
                                                  • SetLastError.KERNEL32(00000000,00000000), ref: 065446A2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$ManagerOpen
                                                  • String ID:
                                                  • API String ID: 239337868-0
                                                  • Opcode ID: 9613d4b6cdbdd8fcf8293e564c49820b53d1dc13c7f257ed5b93daaf93fb5854
                                                  • Instruction ID: c78a8344a16f5cdd860701a94694b97c5345291b2fd9e8f73574b132e4372f73
                                                  • Opcode Fuzzy Hash: 9613d4b6cdbdd8fcf8293e564c49820b53d1dc13c7f257ed5b93daaf93fb5854
                                                  • Instruction Fuzzy Hash: E901A735580320BBD7212EA1AC5CAAF7FD9FB496BA7000055FA46D5211EA709404AEE4
                                                  APIs
                                                  • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,00000000,?,065420DC,00000000,00000000), ref: 065447E7
                                                  • GetLastError.KERNEL32(?,065420DC,00000000,00000000), ref: 065447F3
                                                  • SetLastError.KERNEL32(00000000,00000000,00000000), ref: 06544841
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$ManagerOpen
                                                  • String ID:
                                                  • API String ID: 239337868-0
                                                  • Opcode ID: 56784fb61a151b0c7db9d7e1b9d94f19e6c69548e017740860443f6a5b961ff9
                                                  • Instruction ID: 6482de7b265e02fe8021e4fb73211576841daa44c87fee76540700d381e40378
                                                  • Opcode Fuzzy Hash: 56784fb61a151b0c7db9d7e1b9d94f19e6c69548e017740860443f6a5b961ff9
                                                  • Instruction Fuzzy Hash: 3E018635540310BBD7222AB0AC5CB6F7FE9FB4A6AD7004462FB4292211EA309845AEE1
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000020,06543BF8,?,?,?,?,?,06543BF8), ref: 065436DC
                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,06543BF8), ref: 065436E3
                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 065436F7
                                                  • AdjustTokenPrivileges.ADVAPI32(06543BF8,00000000,?,00000000,00000000,00000000), ref: 0654371A
                                                  • GetLastError.KERNEL32(?,?,?,?,06543BF8), ref: 06543724
                                                  • CloseHandle.KERNEL32(00000000), ref: 06543735
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ProcessToken$AdjustCloseCurrentErrorHandleLastLookupOpenPrivilegePrivilegesValue
                                                  • String ID: SeDebugPrivilege
                                                  • API String ID: 3398352648-2896544425
                                                  • Opcode ID: 812fa1f1652a70dead19c71d1ea72db41037a60e900d5ad4ec7f7dc2aeee1ce8
                                                  • Instruction ID: e2a3bd27a731a0cbf71ec063253c700c28d72417fc8ef770934627187f46bdb5
                                                  • Opcode Fuzzy Hash: 812fa1f1652a70dead19c71d1ea72db41037a60e900d5ad4ec7f7dc2aeee1ce8
                                                  • Instruction Fuzzy Hash: 78012CB0901218EBDB10AFA1DD1CAAFBFBDFF04659F504095E905E2150E7309B04DAE1
                                                  APIs
                                                    • Part of subcall function 028DFBE9: _memset.LIBCMT ref: 028DFC00
                                                    • Part of subcall function 028DFBE9: GetModuleHandleA.KERNEL32(ntdll.dll,RtlGetVersion), ref: 028DFC1C
                                                    • Part of subcall function 028DFBE9: GetProcAddress.KERNEL32(00000000), ref: 028DFC23
                                                  • OpenProcess.KERNEL32(0000047A,00000000,00000000), ref: 028D2D02
                                                  • GetLastError.KERNEL32 ref: 028D2D0E
                                                  • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000004), ref: 028D2D34
                                                  • GetLastError.KERNEL32 ref: 028D2D40
                                                  • CloseHandle.KERNEL32(00000000), ref: 028D2E06
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorHandleLast$AddressAllocCloseModuleOpenProcProcessVirtual_memset
                                                  • String ID:
                                                  • API String ID: 631583684-0
                                                  • Opcode ID: 5cd29f07cc3fe303894f4b1fc682f7558ffe9e29263480a74b3190e8469eeb7f
                                                  • Instruction ID: 1733b2a68f70defd817533287de646767c07948fcaac035fdef4aec6bf8627b0
                                                  • Opcode Fuzzy Hash: 5cd29f07cc3fe303894f4b1fc682f7558ffe9e29263480a74b3190e8469eeb7f
                                                  • Instruction Fuzzy Hash: 7141E13DA40209FBDB215E658C49FAF3B78EF84755F00001AFE08E61C5D770E914DAA5
                                                  APIs
                                                  • EnumDeviceDrivers.PSAPI(?,00000004,?), ref: 02B5CEAC
                                                  • _malloc.LIBCMT ref: 02B5CEBE
                                                    • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
                                                    • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
                                                    • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
                                                  • EnumDeviceDrivers.PSAPI(00000000,?,?,?,?,00000004,?), ref: 02B5CED4
                                                  • GetDeviceDriverBaseNameW.PSAPI(00000000,?,00000104,00000000,?,?,?,?,00000004,?), ref: 02B5CF06
                                                  • GetDeviceDriverFileNameW.PSAPI(00000000,?,00000104,00000000,?,00000104,00000000,?,?,?,?,00000004,?), ref: 02B5CF25
                                                  • _free.LIBCMT ref: 02B5CF73
                                                  • _free.LIBCMT ref: 02B5CF9D
                                                  • _free.LIBCMT ref: 02B5CFC9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Device$_free$DriverDriversEnumName$AllocateBaseFileHeap_malloc
                                                  • String ID:
                                                  • API String ID: 3504099421-0
                                                  • Opcode ID: 60f409a0d43e0fb6498cc6fafc12837a664a99bfc4a27481a021cc1806151c1a
                                                  • Instruction ID: 1013a7b5d36b255a33fe7c4a0dbe8d7b85a14126c358632a463cd5f0f01549de
                                                  • Opcode Fuzzy Hash: 60f409a0d43e0fb6498cc6fafc12837a664a99bfc4a27481a021cc1806151c1a
                                                  • Instruction Fuzzy Hash: A4418075A40219EBDB10EFA4DC48EAE7BBAFF44350F1400E6ED08AB251D7719E55CB90
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000028,00000001,00000000,?,00000000,?,?,06544A39,SeDebugPrivilege,00000001), ref: 06544FF6
                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,06544A39,SeDebugPrivilege,00000001), ref: 06544FFD
                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,?,?), ref: 06545025
                                                  • AdjustTokenPrivileges.ADVAPI32(00000001,00000000,00000001,00000000,00000000,00000000), ref: 0654503A
                                                  • GetLastError.KERNEL32(?,?,06544A39,SeDebugPrivilege,00000001), ref: 06545044
                                                  • GetHandleInformation.KERNEL32(00000001,?,?,?,06544A39,SeDebugPrivilege,00000001), ref: 06545058
                                                  • CloseHandle.KERNEL32(00000001,?,?,06544A39,SeDebugPrivilege,00000001), ref: 06545065
                                                  • SetLastError.KERNEL32(00000000,?,?,06544A39,SeDebugPrivilege,00000001), ref: 0654506F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorHandleLastProcessToken$AdjustCloseCurrentInformationLookupOpenPrivilegePrivilegesValue
                                                  • String ID:
                                                  • API String ID: 1526621745-0
                                                  • Opcode ID: fcbbedff90fe9f4526dcb089b5d9320f610f2f14ae76c73f3cedee527e818eec
                                                  • Instruction ID: 73df0252edc7626a922d0845fca741e3d7bd04d59a29e01e10e11a0967b084c5
                                                  • Opcode Fuzzy Hash: fcbbedff90fe9f4526dcb089b5d9320f610f2f14ae76c73f3cedee527e818eec
                                                  • Instruction Fuzzy Hash: B7215E75D00208FFEB109FA5DC48AAEBBBDFF04259F10406AFA05E6150E6309E04ABA1
                                                  APIs
                                                  • GetProcessHeap.KERNEL32 ref: 028DFCFA
                                                    • Part of subcall function 028DFDD4: GetProcessHeap.KERNEL32(00000001,00000000,028DFC9A,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFDD8
                                                    • Part of subcall function 028DFDD4: HeapAlloc.KERNEL32(00000000,00000008,00000004,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFDFA
                                                    • Part of subcall function 028DFDD4: GetModuleHandleA.KERNEL32(ntdll.dll,00000000,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFE13
                                                    • Part of subcall function 028DFDD4: LoadLibraryA.KERNEL32(ntdll.dll,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFE24
                                                    • Part of subcall function 028DFDD4: HeapFree.KERNEL32(00000000,00000000,00000000,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFEB8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Heap$Process$AllocFreeHandleLibraryLoadModule
                                                  • String ID: IoCompletion
                                                  • API String ID: 376688017-2167567656
                                                  • Opcode ID: cb39bc781fefa6b0aedf1342cb4819e4cda4ce53892f241638b8e0dbead5d499
                                                  • Instruction ID: b7ca43b8e407c3b619eca9c46f1cfe3762bca3209d9701b83db6b058d8d298dd
                                                  • Opcode Fuzzy Hash: cb39bc781fefa6b0aedf1342cb4819e4cda4ce53892f241638b8e0dbead5d499
                                                  • Instruction Fuzzy Hash: C6212B3DAC0318FBD7719A24DC09F997B64EB58B61F104411FB0AEA5C0C7B0A954DB90
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 02B594A3
                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 02B594AA
                                                  • LookupPrivilegeValueA.ADVAPI32(00000000,SeDebugPrivilege,?), ref: 02B594D5
                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000000,00000000,00000000), ref: 02B594EB
                                                  • CloseHandle.KERNEL32(?), ref: 02B594F4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                  • String ID: SeDebugPrivilege
                                                  • API String ID: 3038321057-2896544425
                                                  • Opcode ID: 2e2553f7899e1564f391d911068bf98442a665965112a31d836994a2581deaf4
                                                  • Instruction ID: 0a9c7b4b70090caad15d65f4c2a2f8c57f29482a9faae1613ebe8ec9763a3c02
                                                  • Opcode Fuzzy Hash: 2e2553f7899e1564f391d911068bf98442a665965112a31d836994a2581deaf4
                                                  • Instruction Fuzzy Hash: 87119372D01626BFDB119BA8DD48EAF7BBDEF09290B0404A5FD09E7111DB718E149BE0
                                                  APIs
                                                  • RpcStringBindingComposeW.RPCRT4(12345678-1234-ABCD-EF00-0123456789AB,ncacn_np,?,\pipe\spoolss,00000000,?), ref: 06542E02
                                                  • RpcBindingFromStringBindingW.RPCRT4(?,?), ref: 06542E13
                                                  • RpcStringFreeW.RPCRT4(?), ref: 06542E1F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: BindingString$ComposeFreeFrom
                                                  • String ID: 12345678-1234-ABCD-EF00-0123456789AB$\pipe\spoolss$ncacn_np
                                                  • API String ID: 465755213-3126326737
                                                  • Opcode ID: 0f24eaa7497830a886f7e81e2c16ec4457818fa2a73a65c2a65566608a350ec5
                                                  • Instruction ID: 04fb997340d3bd75817931c7b50c59dbf71fb1f8c0f367459dd8952afad6f4c1
                                                  • Opcode Fuzzy Hash: 0f24eaa7497830a886f7e81e2c16ec4457818fa2a73a65c2a65566608a350ec5
                                                  • Instruction Fuzzy Hash: C111E1319902299ADB60EB64CC49EFB33B8FF14B91F0141AAFD049B150E3B19B81CBD0
                                                  APIs
                                                  • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,00000000,?,06542083,00000000,?), ref: 0654476E
                                                  • GetLastError.KERNEL32(?,06542083,00000000,?), ref: 0654477A
                                                  • CreateServiceA.ADVAPI32(00000000,06542083,00000000,000F01FF,00000010,00000003,00000000,?,00000000,00000000,00000000,00000000,00000000,?,06542083,00000000), ref: 0654479B
                                                  • GetLastError.KERNEL32(?,06542083,00000000,?), ref: 065447A5
                                                  • CloseServiceHandle.ADVAPI32(00000000,?,06542083,00000000,?), ref: 065447B7
                                                  • SetLastError.KERNEL32(00000006,00000000,00000000,?,06542083,00000000,?), ref: 065447C3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$Service$CloseCreateHandleManagerOpen
                                                  • String ID:
                                                  • API String ID: 1692906367-0
                                                  • Opcode ID: c7321ea64fec9dd7e0fd1d5ca9aea30f723c49b5851561af479cc511f011a48c
                                                  • Instruction ID: 89e69abea7263afa6c30ae1766ce1b35286242c3a8b1e90fab1c1b9a73083764
                                                  • Opcode Fuzzy Hash: c7321ea64fec9dd7e0fd1d5ca9aea30f723c49b5851561af479cc511f011a48c
                                                  • Instruction Fuzzy Hash: FF016731A85224BBD7712A619C1CBAF7FA9FF06BF9B004055FB0995111D6709402EAE1
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,028D7C2B,SeSecurityPrivilege,00000001,?,?,00000000,?), ref: 028D7B8B
                                                  • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,028D7C2B,SeSecurityPrivilege,00000001,?,?,00000000,?), ref: 028D7B92
                                                  • GetLastError.KERNEL32(?,?,?,?,?,028D7C2B,SeSecurityPrivilege,00000001,?,?,00000000,?,?,?,?,?), ref: 028D7B9C
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,?), ref: 028D7BAD
                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,?,00000000), ref: 028D7BEA
                                                  • CloseHandle.KERNEL32(?), ref: 028D7C04
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ProcessToken$AdjustCloseCurrentErrorHandleLastLookupOpenPrivilegePrivilegesValue
                                                  • String ID:
                                                  • API String ID: 3398352648-0
                                                  • Opcode ID: 501683d8b108fc2382bd63bbde9f9a4c55abfd45c229b63c2be15d330390d4e2
                                                  • Instruction ID: 82cc357807636b73ee03997aa3e68fdea0445661011c32c560ba84b53bb2abbf
                                                  • Opcode Fuzzy Hash: 501683d8b108fc2382bd63bbde9f9a4c55abfd45c229b63c2be15d330390d4e2
                                                  • Instruction Fuzzy Hash: 4B111879A40209EFDB40DFA4CD49FEEBBF8FB08304F000855EA19E6280D7359A148B60
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B5C9EF
                                                  • _memset.LIBCMT ref: 02B5CA09
                                                  • GetTimeZoneInformation.KERNEL32(00000000), ref: 02B5CA26
                                                  • GetLocalTime.KERNEL32(?), ref: 02B5CA32
                                                    • Part of subcall function 02B7A58C: __vsnprintf_s_l.LIBCMT ref: 02B7A5A1
                                                  Strings
                                                  • %d-%02d-%02d %02d:%02d:%02d.%d %S (UTC%s%d), xrefs: 02B5CA96
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Time_memset$InformationLocalZone__vsnprintf_s_l
                                                  • String ID: %d-%02d-%02d %02d:%02d:%02d.%d %S (UTC%s%d)
                                                  • API String ID: 3192655957-3952767286
                                                  • Opcode ID: a7f813206f3bd696924f526cb33839e309ad4825d5db81160a2a6f0f05d18c4c
                                                  • Instruction ID: f3182bfbacbf2e6ff0fbbbbd33f0d379f277d81dc59dece046c5abe05e431894
                                                  • Opcode Fuzzy Hash: a7f813206f3bd696924f526cb33839e309ad4825d5db81160a2a6f0f05d18c4c
                                                  • Instruction Fuzzy Hash: F6314372D40218BFDB50DBA8CC45FEEB3BDAB08741F0044A5F658E6190D6789E44CB61
                                                  APIs
                                                  • VirtualAllocEx.KERNEL32(00000000,00000000,00000001,00001000,00000040,00000000,00000000,00000009,?,02B5B074,00000000,00000001,00000001,?,00000020,00000001), ref: 02B5B15F
                                                  • WriteProcessMemory.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000009,?,02B5B074,00000000,00000001,00000001,?,00000020,00000001), ref: 02B5B178
                                                  • VirtualProtectEx.KERNEL32(00000000,00000000,00000001,00000040,?,?,02B5B074,00000000,00000001,00000001,?,00000020,00000001,00000000), ref: 02B5B196
                                                  • GetLastError.KERNEL32(?,02B5B074,00000000,00000001,00000001,?,00000020,00000001,00000000,?,?,02B57C96,00000001,?), ref: 02B5B1A0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Virtual$AllocErrorLastMemoryProcessProtectWrite
                                                  • String ID: @
                                                  • API String ID: 1410335098-2766056989
                                                  • Opcode ID: e406be87ff4aff8e9c25d4c5bfa2cd26f46e8bfc6501e4d45ccb9a3f2a6c96d4
                                                  • Instruction ID: d89b0b9d5043c1ef30b71c2fb29840d4ad81adf96a9a746af872db7d49e11c09
                                                  • Opcode Fuzzy Hash: e406be87ff4aff8e9c25d4c5bfa2cd26f46e8bfc6501e4d45ccb9a3f2a6c96d4
                                                  • Instruction Fuzzy Hash: 53015E3211012ABBDF118F99DC44F9B7F69FF49795F144065FE089A114D731D8A1DBA0
Memory Dump Source
• Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
• Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
Similarity
• API ID: ErrorLastacceptbindclosesocketlisten
• String ID:
• API String ID: 3590725066-0
• Opcode ID: f0a91bead3eaa96b436e754ebb057deaca6098dae66eed65ca299e473ea0d5d3
• Instruction ID: eb14ba070f3063c31c3594149bbb93bef7fde53676ec2123971ab738be7ae7ff
• Instruction Fuzzy Hash: 52F0F43C941018AFCB215FA9EC0C89A3F65EF063B5B104B11FA2ED62E0D73198629F90
APIs
• VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000004,06559CA0,00000010,06544BCF,?,?,?,?,?), ref: 06544EC0
• WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 06544ED4
• VirtualProtectEx.KERNEL32(?,?,?,00000020,?), ref: 06544EEA
• CreateRemoteThread.KERNEL32(?,00000000,00100000,?,00000000,00000000,?), ref: 06544F09
Memory Dump Source
• Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
• Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
Similarity
• API ID: Virtual$AllocCreateMemoryProcessProtectRemoteThreadWrite
• String ID:
• API String ID: 1113946311-0
• Opcode ID: c86f6622b9763d6efc61d617ed370f12de68158a4f43cb4ed1da1d4b07855ca5
• Instruction ID: bb4f4566b7180dad8f60c225e0054e0988141cfd1e4821c12a0a575f63801e3c
• Instruction Fuzzy Hash: A9117C71A4130ABBDB61AF548C88FAF3BADFF04A64F14405ABA1496280E770D904DFB0
APIs
• VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000004,028F5458,00000010), ref: 028D51E5
• WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 028D51F9
• VirtualProtectEx.KERNEL32(?,?,?,00000020,?), ref: 028D520F
• CreateRemoteThread.KERNEL32(?,00000000,00100000,?,?,00000000,?), ref: 028D522E
Memory Dump Source
• Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
• Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
Similarity
• API ID: Virtual$AllocCreateMemoryProcessProtectRemoteThreadWrite
• String ID:
• API String ID: 1113946311-0
• Opcode ID: 95028adbf54e82149f8ebbfadf17d7dd13c1c5fc5c2caf48bd3ee6927bd4f630
• Instruction ID: f5c3d4adede083f805c9db9b121e11e169681b83a7fd4a8da460a874866ac618
• Instruction Fuzzy Hash: D2116A7D600209BBDB218F55CC85FAF3B68AF15B94F40801ABA18EA180D778D918DFA0
APIs
• CryptDestroyKey.ADVAPI32(?,028D7FBC,?,028D6626,028D7FBC,75A7BD50,?,028D7FBC,00000000), ref: 028D611C
• CryptReleaseContext.ADVAPI32(10E015FF,00000000,028D7FBC,?,028D6626,028D7FBC,75A7BD50,?,028D7FBC,00000000), ref: 028D612E
• _free.LIBCMT ref: 028D6137
Memory Dump Source
• Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
• Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
Similarity
• API ID: Crypt$ContextDestroyRelease_free
• String ID:
• API String ID: 965609376-0
• Opcode ID: ea3d924c20d90d599a6bdd0e1f61a4830f7ea19bc25c8b23761dd0e7fa7682a5
• Instruction ID: 5a022981946fe1840117b4e4a5714b1947214b91f528bd483706da7138efb74f
• Instruction Fuzzy Hash: 07F06D39541354DFDB219F16E808B56BBE9EF04359F044464E509D75B1D7B1E894CB40
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 02B544C7
• FindClose.KERNEL32(00000000), ref: 02B544D7
Memory Dump Source
• Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
• Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: f495fc7a00b3cbe7e789a33bded63c7b61d7fff9dc3e570b3d79f993df503a59
• Instruction ID: aca4acd6192b0e6f87e72ea4cc187ecaf5ae340e47a657a6caad7aded8238ca4
• Instruction Fuzzy Hash: 520155749112189FCB50DF28D988A98BBF4FB08315F2085D9E81CDB351E735DA92CF50
APIs
• ClearEventLogA.ADVAPI32(00000000,00000000), ref: 02B5C511
• GetLastError.KERNEL32 ref: 02B5C51B
Memory Dump Source
• Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
• Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
Similarity
• API ID: ClearErrorEventLast
• String ID:
• API String ID: 1161489092-0
• Opcode ID: e2b8ba7f144799929f5fed019e0ea93629e0df95f132ab0dd1e6ff34da3528b0
• Instruction ID: 937f3d2cbd68e4b1e7843958d409bf5260a8680fc0149af0f894ca483366c69d
• Instruction Fuzzy Hash: 6FF08236910215AFC7506FA9E80DE9A3FEAFF882E1B150468F90CC7210D7B2D821DB90
Memory Dump Source
• Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
• Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
Similarity
• API ID: BindingFree_free
• String ID:
• API String ID: 1747190666-0
• Opcode ID: 80ea75d7b53a4d5e03b527b2cf047a62799808a876d1ccb98fc5faa44c8dae5f
• Instruction ID: 5aa8e21d4a82aa020c3c3bd2d83f4bd079eb7a768cadcebe5345e086a7db32c2
• Instruction Fuzzy Hash: 9FE046B4D0031A978B50BEA8884488E7725BF04334F204284F830B32D0DB298A51CA60
APIs
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,06546B08,?,?,?,00000000), ref: 06549CB2
• UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 06549CBB
Memory Dump Source
• Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
• Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: f372d91a458f3c078ea2ce79da922505d0c4d5994a03400a04d0f2f64fc580b7
• Instruction ID: d63eeadaabb4060f94dbdd7f0568dcfbe8debca9e707f68ba95752a81f032899
• Instruction Fuzzy Hash: 2AB09231044308BBDA002F91E81DB883F3AEB04652F000010F74D48050EBA25454AA91
APIs
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,028E5482,?,?,?,00000000), ref: 028E94C4
• UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 028E94CD
Memory Dump Source
• Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
• Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 9449132045593e3f1bac69e9186ef115567199c02b3d5c3f6f4d76d8c6bc672a
• Instruction ID: 2b07ec63fcfcd7a816eac60914e9f913266a1fcda96c5e5574ffe9b1b3c72b61
• Instruction Fuzzy Hash: 7BB09239488208EBCB802B91E80DF483F68EB456A2F104411F70D844D4CB6294608B95
APIs
• SetUnhandledExceptionFilter.KERNEL32(00000000,?,02B800A6,?,?,?,00000000), ref: 02B87C9F
• UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 02B87CA8
Memory Dump Source
• Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
• Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 966cae9002740771546102cae2d9842e133afd5ec823ca32f95ad868a8bb7944
• Instruction ID: a59d6c2880c023cf6ed29065379ace6f23956afc0dc2e11095793b7a80388792
• Instruction Fuzzy Hash: 2DB092314A420DBBCB002F99FA09BA83F28EB047A2F004411F61D86052CB6254B0AE91
Memory Dump Source
• Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
• Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
Similarity
• API ID: __invoke_watson
• String ID:
• API String ID: 3648217671-0
• Opcode ID: 6d30ffa99691e793b1ca42afe703e0e2965673ede81acc93e5dabc15090d70bb
• Instruction ID: a7c9459905a46f99f9046cd72f65c19dbd6e7411c411b2cf226fa44fb5302c5a
• Instruction Fuzzy Hash: E5626C7DE0025A8BDB25CFA8C8402EDBBB1FF58304F65816EE959EB741D7749942CB80
Memory Dump Source
• Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
• Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
Similarity
• API ID: _memmove
• String ID:
• API String ID: 4104443479-0
• Opcode ID: 4157190ee917a8c75034bd7cc10765b3b0c461012f0605f054b7f26ee094a253
• Instruction ID: c8f77700473c325b12266808749fad25fcf1794ba87d9af2e22f4acaacb0a65b
• Instruction Fuzzy Hash: 83620D79A0060AEFDB04CF68C990AADBBB5FF48315F148629E919DB740D734EA54CF90
Memory Dump Source
• Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
• Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
Similarity
• API ID: BindingFree
• String ID:
• API String ID: 3284907940-0
• Opcode ID: 7d3660b8042eac010aab374fa4ed2f35119fd128fd756e5bcd56ba87198a92a0
• Instruction ID: baada707df95d8e1bd7c241d486bb062d7ebd4bdc7b489a6fe3469cbd181fb6e
• Instruction Fuzzy Hash: 7AB0123700030C978700BAD0BC0CCC7B35CE7542217008012BA1AC2410E630F2189760
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8399a1230c945270fc77e05d2665d9a4576f564ea93816959c5664c69e2c4367
                                                  • Instruction ID: bb2e620c38f268c8409dcf06cd6b9452f84fd8ac7e1ca0f7f8ec14c797d45d73
                                                  • Opcode Fuzzy Hash: 8399a1230c945270fc77e05d2665d9a4576f564ea93816959c5664c69e2c4367
                                                  • Instruction Fuzzy Hash: A01247B1E4021A9FDB64DF98C880BAEBBF4FF48318F2441AAD855AB341D7749941CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3155a1d6c1fc5cbd9442a17302cd22548b8bfb1aff98311ead932b8c21215fde
                                                  • Instruction ID: 138e36813d5ab68facddd4d35a7f2b79f3133b95e9fddde23a799e074b11f73d
                                                  • Opcode Fuzzy Hash: 3155a1d6c1fc5cbd9442a17302cd22548b8bfb1aff98311ead932b8c21215fde
                                                  • Instruction Fuzzy Hash: FA122979E0021A9FDB24CF98C890BAEBBF4EF08314F64416AD959EB341D7749945CF90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8399a1230c945270fc77e05d2665d9a4576f564ea93816959c5664c69e2c4367
                                                  • Instruction ID: e49fd4f6fa2d0e0e6ddf9d13af08558d5761a4f51e4893dbd516762a1ea1ba78
                                                  • Opcode Fuzzy Hash: 8399a1230c945270fc77e05d2665d9a4576f564ea93816959c5664c69e2c4367
                                                  • Instruction Fuzzy Hash: CB1228B1E0022A9FDB24CF98C890BADBBF4FF48354F2441AAED55AB341D7759941CB90
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3fe5e054ae8f7e7a9f8c43198b7e314e9966a12b68df81b2b274b5bd224f5eec
                                                  • Instruction ID: 3f8d844366de48bbc77625302ae2b45237abccf6540eb03d1a3e9d579fe64f28
                                                  • Opcode Fuzzy Hash: 3fe5e054ae8f7e7a9f8c43198b7e314e9966a12b68df81b2b274b5bd224f5eec
                                                  • Instruction Fuzzy Hash: FAF1E479E102199FDF14CFA8D490AADBBB5FF88314F24856AE859E7340DB30AA45CF50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3fe5e054ae8f7e7a9f8c43198b7e314e9966a12b68df81b2b274b5bd224f5eec
                                                  • Instruction ID: dc9f04283e0e258b1803eda41e130d5d4abce261e0561e770ba535e280a374e9
                                                  • Opcode Fuzzy Hash: 3fe5e054ae8f7e7a9f8c43198b7e314e9966a12b68df81b2b274b5bd224f5eec
                                                  • Instruction Fuzzy Hash: F6F1E379E002199FCF14CFA8D480AADBBB1FF58314F24816AE95AE7650D730AA85DF50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                  • Instruction ID: 4a0ea664afeb3d3798679328a4146ffa98f5d3aec70576b6dedcd4fb3ea77325
                                                  • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                  • Instruction Fuzzy Hash: 3AC1B03E20519309DB6E463A847C1BEBAE15EA26B530A176DD4FFCF6C4EF20D125C624
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                  • Instruction ID: 9566aa2701045d482a757dfa6af91cbb15eac45d9b76c8bc6676c660ac1aff0d
                                                  • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                  • Instruction Fuzzy Hash: 75C1733F2091A309DF2E4639947413EBAA95E936B531E175DECB7CB1D8EF20D124DA20
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                  • Instruction ID: 2db485e47fd5dfdbd891ffc2e1db98bb152356b39ffa139a0041c745ed4f283a
                                                  • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                  • Instruction Fuzzy Hash: E0C15D322091930ADF6D867A857413EBAA19F926F531A07EED4B7CF2D4FF20C164D620
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                  • Instruction ID: 42fb3c930c7969924f9c640e3fffb3241d19600d26105b33729cd4300f7b6a97
                                                  • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                  • Instruction Fuzzy Hash: 0FC1B73E20505309DF6F463994381BEFAE15EA26B530A176DD8FACF6D8EF10D125D620
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                  • Instruction ID: be604ee5ee0a8e18d6fdcf7a86e21337ed037281ce3af73619c29e5fb425af00
                                                  • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                  • Instruction Fuzzy Hash: 8DC1723F2051930ADF2E4639D43413EBAA55A936B531E1B6DECB7CB1D9EF20D124DA20
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                  • Instruction ID: afaa4c801632883494b42961e4b6e9078f47871bb384aba10115c4a78b3d8e70
                                                  • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                  • Instruction Fuzzy Hash: EFC180322091930ADF6D867A857513EBAA19F926F531A07EDE8B7CF1D5FF20C124D620
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                  • Instruction ID: 4f99b2f057b00a3b3cc25ebf9eba24e21b0c0920710369293c0d93e76328fd57
                                                  • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                  • Instruction Fuzzy Hash: D4C1A23E2051930ADF6E4639843C1BEBAE15EA26B531A136DD4FECF6C8EF10D125C624
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                  • Instruction ID: ee589b5d326dc586fef78689ec138595bbdd63e78c83ef75bf128a97cb5fb8a6
                                                  • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                  • Instruction Fuzzy Hash: A2C1857F2051A30ADF6E4639843413EBAA55A936B531F176DECB7CB1E9EF10C124DA20
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                  • Instruction ID: 19800faaa6ceddbcab8820d828cf0cf246eb6c706d996dee6ed5d3bd7232cb09
                                                  • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                  • Instruction Fuzzy Hash: BAC16B322091A30ADF2D867A857413EBBA1AF926F531A07EDD4B6CF1D5FF20D124D620
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                  • Instruction ID: 4abbc3ef507913b0303b63769664c9bf458afd3e1d71173be6686849291ef22c
                                                  • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                  • Instruction Fuzzy Hash: 61C1A23E2050930ADF6E4639943C1BEBAE15EA26B531A176DD4BFCF6C9EF10C125C624
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                  • Instruction ID: beb2cb8385b34484f4a7c640538836d4d0b27943f01fe59013e184e4e1ecb199
                                                  • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                  • Instruction Fuzzy Hash: 2BC18F3F2051930ADF2E4639943453EFBA55A936B531E176DE8BBCB1D8EF20D124DA20
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                  • Instruction ID: 57ac4f8196353290d85a92b51ff6dd52451bda47a83498c29c70b6467ab3f8fe
                                                  • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                  • Instruction Fuzzy Hash: D9C15B322091930ADB2D867AC53453EBAA19F926F531A17EDE8B7CF1D5FF20D124D620
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e9ffff0072e4430c35e582ba7ac8c21edfda0f854405202298ca28f0f9f269c9
                                                  • Instruction ID: 489127505733f11ae2c1af32405bd3318c0cf37df2df360839965575d3c4b042
                                                  • Opcode Fuzzy Hash: e9ffff0072e4430c35e582ba7ac8c21edfda0f854405202298ca28f0f9f269c9
                                                  • Instruction Fuzzy Hash: 67C1E7B9600700CFD734CF19C480A26B7F4FF49719B258A5ED99ACB691D735E84ACB50
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 73e2f19de2553d47a394b41184345e0d7d1b895b86a961d0bdd42770b280f8d7
                                                  • Instruction ID: b2dcc6f9e651b58bad6ad564b950ee48cafb8d98d55c8f362013df0d80b05f52
                                                  • Opcode Fuzzy Hash: 73e2f19de2553d47a394b41184345e0d7d1b895b86a961d0bdd42770b280f8d7
                                                  • Instruction Fuzzy Hash: ED21062804E3D19FC3039B7498E24827FB26E0B25931F44DAC8C09F4B3D298189ED7A2
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B5D25F
                                                  • GetModuleHandleA.KERNEL32(ntdll,?,00000000,00000000), ref: 02B5D26C
                                                  • GetLastError.KERNEL32(?,00000000,00000000), ref: 02B5D276
                                                  • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 02B5D28A
                                                  • GetLastError.KERNEL32(?,00000000,00000000), ref: 02B5D296
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$AddressHandleModuleProc_memset
                                                  • String ID: %s (%u.%u Build %u).$%s (%u.%u Build %u, %S).$RtlGetVersion$Unknown$Windows 10$Windows 11$Windows 2000$Windows 7$Windows 8$Windows 8.1$Windows 95$Windows 98$Windows ME$Windows NT 3.51$Windows NT 4.0$Windows Server 2000$Windows Server 2003$Windows Server 2008$Windows Server 2008 R2$Windows Server 2012$Windows Server 2012 R2$Windows Server 2016$Windows Server 2019$Windows Server 2022$Windows Vista$Windows XP$ntdll$|O
                                                  • API String ID: 2086339396-3027245530
                                                  • Opcode ID: 135baaff19f35460ea3068f147e4d318703fd5bdae4cf0154ca805021889e679
                                                  • Instruction ID: f66a1770cd816546d6fcc608f1cd3fcb9c8bb8fa7f84993cd8c8f57b3e292af5
                                                  • Opcode Fuzzy Hash: 135baaff19f35460ea3068f147e4d318703fd5bdae4cf0154ca805021889e679
                                                  • Instruction Fuzzy Hash: A851A272D0413BEBDF3846549C41BEA7668EB05754F4886F6EE49EB200D3709EC58FA2
                                                  APIs
                                                  • _wmemset.LIBCMT ref: 02B5A268
                                                  • OpenProcess.KERNEL32(00000410,00000000,?,?,00000000,00000000), ref: 02B5A279
                                                  • LoadLibraryA.KERNEL32(psapi), ref: 02B5A28E
                                                  • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 02B5A2AC
                                                  • LoadLibraryA.KERNEL32(kernel32), ref: 02B5A2D8
                                                  • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 02B5A2F2
                                                  • FreeLibrary.KERNEL32(?), ref: 02B5A31D
                                                  • GetProcAddress.KERNEL32(?,GetProcessImageFileNameW), ref: 02B5A341
                                                  • _memset.LIBCMT ref: 02B5A37B
                                                  • _memset.LIBCMT ref: 02B5A395
                                                  • LoadLibraryA.KERNEL32(ntdll), ref: 02B5A3A2
                                                  • GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess), ref: 02B5A3BB
                                                  • ReadProcessMemory.KERNEL32(00000000,?,00000000,00000040,00000000), ref: 02B5A3FD
                                                  • ReadProcessMemory.KERNEL32(00000000,00000000,?,00000048,00000000), ref: 02B5A41B
                                                  • ReadProcessMemory.KERNEL32(00000000,?,?,?,00000000), ref: 02B5A42F
                                                  • _wcsrchr.LIBCMT ref: 02B5A440
                                                  • _wcsncpy.LIBCMT ref: 02B5A459
                                                  • FreeLibrary.KERNEL32(?), ref: 02B5A471
                                                  • FreeLibrary.KERNEL32(?), ref: 02B5A47C
                                                  • CloseHandle.KERNEL32(00000000), ref: 02B5A483
                                                  • _wmemset.LIBCMT ref: 02B5A496
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Library$AddressProcProcess$FreeLoadMemoryRead$_memset_wmemset$CloseHandleOpen_wcsncpy_wcsrchr
                                                  • String ID: GetModuleFileNameExW$GetProcessImageFileNameW$NtQueryInformationProcess$QueryFullProcessImageNameW$kernel32$ntdll$psapi
                                                  • API String ID: 72418175-385265775
                                                  • Opcode ID: 6a226e2953b9f4cc7c4acf403215f729ec3d09bc81b5affde32a10d9d4ec99ab
                                                  • Instruction ID: c2841cb5ee122f921b1a5e00769a37ab02c6bf8aa0591542afdd936a9e900b6a
                                                  • Opcode Fuzzy Hash: 6a226e2953b9f4cc7c4acf403215f729ec3d09bc81b5affde32a10d9d4ec99ab
                                                  • Instruction Fuzzy Hash: A571C571A40226BBEF219FA9CC49FAE77A8EF04B41F0485A8FD09FB140DB71D5119B60
                                                  APIs
                                                  • _memset.LIBCMT ref: 0654323F
                                                  • _memset.LIBCMT ref: 06543253
                                                  • _memset.LIBCMT ref: 0654326B
                                                  • GetModuleHandleA.KERNEL32(ntdll,?,?,?,?,?,?,00000000,00000000,?), ref: 0654327A
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00000000,?), ref: 06543284
                                                  • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 06543295
                                                  • _rand.LIBCMT ref: 065432CA
                                                  • _rand.LIBCMT ref: 065432D4
                                                  • _rand.LIBCMT ref: 065432DD
                                                  • _rand.LIBCMT ref: 065432E7
                                                  • __snprintf_s.LIBCMT ref: 06543305
                                                  • __snprintf_s.LIBCMT ref: 0654331A
                                                  • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,00000000), ref: 06543329
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00000000,00000000,?), ref: 06543463
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _rand$_memset$Handle__snprintf_s$AddressCloseCreateErrorLastModuleProcSemaphore
                                                  • String ID: RtlGetVersion$\\.\pipe\%08x%08x$\\localhost\pipe\%08x%08x$ntdll
                                                  • API String ID: 656781535-3272578444
                                                  • Opcode ID: d72ff7725f843b946cbf740781554a1992e9b7e5a882acb6bd2e181941aadf01
                                                  • Instruction ID: a7a4384d2aa5abe98a4a2f8b480ac8739e68307850c468d45ce00944131f2e63
                                                  • Opcode Fuzzy Hash: d72ff7725f843b946cbf740781554a1992e9b7e5a882acb6bd2e181941aadf01
                                                  • Instruction Fuzzy Hash: 40619171A00315AFEBA1ABA59C5CFEA7BADFF44758F0000E5FA45E7150EB709A04CA60
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _memset$FileHandle__snprintf_s$Close_strlen$CreateDeleteErrorInformationLastPathSleepTempWrite
                                                  • String ID: %s%s.dll$%s\%s.dll$\\.\pipe\%s$rundll32.exe %s,a /p:%s
                                                  • API String ID: 3549636027-3794227474
                                                  • Opcode ID: 8fc84102e4ae65a747dc74125334a6110dc2645e9053d796419ad57ea6036fce
                                                  • Instruction ID: 7d5b06c56ffbca85f560174a04c27164d4fd558d1fd3f6ecc06f552854a3cdd8
                                                  • Opcode Fuzzy Hash: 8fc84102e4ae65a747dc74125334a6110dc2645e9053d796419ad57ea6036fce
                                                  • Instruction Fuzzy Hash: EAA12271904215AFDB50AFA4DC98BEE7BBDFF44358F0440A9F605E6240EB309B44DB60
                                                  APIs
                                                  • _memset.LIBCMT ref: 065426D1
                                                  • _memset.LIBCMT ref: 065426EE
                                                  • _memset.LIBCMT ref: 06542709
                                                  • GetModuleHandleA.KERNEL32(ntdll,?,?,?,?,?,?,?,00000000,?), ref: 06542716
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?), ref: 06542720
                                                  • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 06542731
                                                  • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,00000000,?), ref: 06542755
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?), ref: 0654282D
                                                  • _rand.LIBCMT ref: 06542893
                                                  • _rand.LIBCMT ref: 0654289D
                                                  • _rand.LIBCMT ref: 065428A6
                                                  • _rand.LIBCMT ref: 065428B0
                                                  • __snprintf_s.LIBCMT ref: 065428CE
                                                  • __snprintf_s.LIBCMT ref: 065428E7
                                                  • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,00000000), ref: 065428F6
                                                  • WaitForSingleObject.KERNEL32(00000000,000001F4), ref: 0654295B
                                                  • Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 06542967
                                                  • GetExitCodeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 065429A8
                                                  • GetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,?), ref: 065429C4
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,00000000,?), ref: 065429E6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast_rand$_memset$Handle__snprintf_s$AddressCloseCodeCreateExitModuleObjectProcSemaphoreSingleSleepThreadWait
                                                  • String ID: %08x%08x$RtlGetVersion$\\.\pipe\%08x%08x\pipe\srvsvc$\\.\pipe\efsrpc$\\.\pipe\lsarpc$ntdll
                                                  • API String ID: 3733928832-908824396
                                                  • Opcode ID: 62c76344fc223aee7a5c631e49c569b051a265c707548bf98bd329726535169d
                                                  • Instruction ID: a3db7ff034bed8f5ddfed8033af2e071048a88c7262540dcf5aeb1d012cbe5fd
                                                  • Opcode Fuzzy Hash: 62c76344fc223aee7a5c631e49c569b051a265c707548bf98bd329726535169d
                                                  • Instruction Fuzzy Hash: F7819571D00326ABDBA0BFA4DC98AAE77B9FB44358F1004E6F915E6150E7319B84CF61
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _memmove$HeapProcess
                                                  • String ID: RIFF$WAVE$data$fmt
                                                  • API String ID: 3431154227-4212202414
                                                  • Opcode ID: 420601c90ad16dc77bb846af5faef9903f3a725833575c0819495699526221d4
                                                  • Instruction ID: a02ba8fd5d021b0007b26154b0bcd659226889818cceda2ec89c5d054281cf6d
                                                  • Opcode Fuzzy Hash: 420601c90ad16dc77bb846af5faef9903f3a725833575c0819495699526221d4
                                                  • Instruction Fuzzy Hash: 70817271E80205ABDB11EFA8EC4AEAE7BB8FF08390F000895FE09D7250D7749961CB54
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(iphlpapi,GetExtendedTcpTable,?,00000000,02B51F31,0000000A,00000418,00000001,00000000), ref: 02B5188D
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B51894
                                                  • _malloc.LIBCMT ref: 02B518CF
                                                  • htons.WS2_32(?), ref: 02B51933
                                                  • _strncpy.LIBCMT ref: 02B51988
                                                  • _strncpy.LIBCMT ref: 02B5199D
                                                  • _strncpy.LIBCMT ref: 02B519B2
                                                    • Part of subcall function 02B51716: GetTcpTable.IPHLPAPI(00000000,00000001,00000001), ref: 02B5172D
                                                    • Part of subcall function 02B51716: _malloc.LIBCMT ref: 02B5173E
                                                    • Part of subcall function 02B51716: GetTcpTable.IPHLPAPI(00000000,00000001,00000001), ref: 02B5174D
                                                    • Part of subcall function 02B51716: htons.WS2_32(?), ref: 02B517A0
                                                    • Part of subcall function 02B51716: _free.LIBCMT ref: 02B51854
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _strncpy$Table_mallochtons$AddressHandleModuleProc_free
                                                  • String ID: GetExtendedTcpTable$iphlpapi$tcp$tcp6
                                                  • API String ID: 260298066-586099951
                                                  • Opcode ID: 8af32c1f8efd9afa62c523b54b968bdb1e9692be1eb7f8c1c62bfed72060ec2d
                                                  • Instruction ID: 776a325bdca4f7f038a24f9a0d67597384bde35fe7c1f48d6417959069f2f5bb
                                                  • Opcode Fuzzy Hash: 8af32c1f8efd9afa62c523b54b968bdb1e9692be1eb7f8c1c62bfed72060ec2d
                                                  • Instruction Fuzzy Hash: CDA18D71E50214AFDB10DF68C885FAEB7B8FF09704F104496E919EB241E770AA41CFA0
                                                  APIs
                                                  • _memset.LIBCMT ref: 06542B74
                                                  • _memset.LIBCMT ref: 06542B8F
                                                  • _memset.LIBCMT ref: 06542BA7
                                                    • Part of subcall function 065424E0: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,06542BB6,\\.\pipe\spoolss,?,00000000,00000118,?,00000000,00000206), ref: 065424F8
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?), ref: 06542BBD
                                                  • GetModuleHandleA.KERNEL32(ntdll,?,?,?,?,?,?,?,?,00000000,?), ref: 06542BCD
                                                  • GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 06542BDD
                                                  • _rand.LIBCMT ref: 06542C1D
                                                  • _rand.LIBCMT ref: 06542C27
                                                  • _rand.LIBCMT ref: 06542C30
                                                  • _rand.LIBCMT ref: 06542C3A
                                                  • __snprintf_s.LIBCMT ref: 06542C58
                                                  • __snprintf_s.LIBCMT ref: 06542C71
                                                  • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,00000000), ref: 06542C80
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,?), ref: 06542D62
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _rand$_memset$CreateHandle__snprintf_s$AddressCloseErrorFileLastModuleProcSemaphore
                                                  • String ID: %08x%08x$RtlGetVersion$\\.\pipe\%08x%08x\pipe\spoolss$\\.\pipe\spoolss$ntdll
                                                  • API String ID: 2902938210-2802406934
                                                  • Opcode ID: bac59c7efb553fe4a852ef206c534bad34936b150c5889363b53d4436da12ab5
                                                  • Instruction ID: 2972f7567440ff7ad2f2cddb40e0e1e7f5e4954f33d896f5ac62cd994a031ac2
                                                  • Opcode Fuzzy Hash: bac59c7efb553fe4a852ef206c534bad34936b150c5889363b53d4436da12ab5
                                                  • Instruction Fuzzy Hash: 89518071A01329BFEB90BFA09D9DE9A77ACFF44758F0004E5FA05E6141EB709B448A60
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(iphlpapi,GetExtendedUdpTable,?,?,?,?,?,02B51F4B,0000000A,?,?,00000000), ref: 02B51CA8
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B51CAF
                                                  • _malloc.LIBCMT ref: 02B51CEA
                                                  • htons.WS2_32(FFFFFD49), ref: 02B51D4C
                                                  • _strncpy.LIBCMT ref: 02B51D6A
                                                  • _strncpy.LIBCMT ref: 02B51D7C
                                                  • _strncpy.LIBCMT ref: 02B51D8E
                                                  • _free.LIBCMT ref: 02B51DC9
                                                    • Part of subcall function 02B51B70: GetUdpTable.IPHLPAPI(00000000,?,00000001), ref: 02B51B8A
                                                    • Part of subcall function 02B51B70: _malloc.LIBCMT ref: 02B51B9B
                                                    • Part of subcall function 02B51B70: GetUdpTable.IPHLPAPI(00000000,?,00000001), ref: 02B51BAD
                                                    • Part of subcall function 02B51B70: htons.WS2_32(0000000A), ref: 02B51BFA
                                                    • Part of subcall function 02B51B70: _strncpy.LIBCMT ref: 02B51C18
                                                    • Part of subcall function 02B51B70: _strncpy.LIBCMT ref: 02B51C2A
                                                    • Part of subcall function 02B51B70: _strncpy.LIBCMT ref: 02B51C3C
                                                    • Part of subcall function 02B51B70: _free.LIBCMT ref: 02B51C62
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _strncpy$Table_free_mallochtons$AddressHandleModuleProc
                                                  • String ID: GetExtendedUdpTable$iphlpapi$udp$udp6
                                                  • API String ID: 3175877808-3210492192
                                                  • Opcode ID: 40c027d3b10058ecc4c7eae6942f8f4756f19f7260a87c03eb7e8ad53259c28e
                                                  • Instruction ID: 5751f2540b43c39ec5f7a9729c738efcd4d527d50216a1edbcb8ac960f8680cb
                                                  • Opcode Fuzzy Hash: 40c027d3b10058ecc4c7eae6942f8f4756f19f7260a87c03eb7e8ad53259c28e
                                                  • Instruction Fuzzy Hash: 61719271D50619BFDB10EF68CC85FAEB7B9EF04744F14449AF909AB280D7B0AA409F94
                                                  APIs
                                                  • GetCurrentThread.KERNEL32 ref: 06542F73
                                                    • Part of subcall function 06542E6C: GetCurrentProcess.KERNEL32(02000000,?), ref: 06542E84
                                                    • Part of subcall function 06542E6C: OpenProcessToken.ADVAPI32(00000000), ref: 06542E8B
                                                    • Part of subcall function 06542E6C: GetLastError.KERNEL32 ref: 06542E95
                                                    • Part of subcall function 06542E6C: CloseHandle.KERNEL32(00000000), ref: 06542F43
                                                  • GetModuleHandleA.KERNEL32(ntdll), ref: 06542F9F
                                                  • GetLastError.KERNEL32 ref: 06542FA9
                                                  • GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess), ref: 06542FBC
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 06542FDB
                                                  • HeapFree.KERNEL32(00000000), ref: 06542FE2
                                                  • GetProcessHeap.KERNEL32(00000008,-0000019C), ref: 06542FEE
                                                  • HeapAlloc.KERNEL32(00000000), ref: 06542FF5
                                                  • GetLastError.KERNEL32 ref: 06543077
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 065430A2
                                                  • HeapFree.KERNEL32(00000000), ref: 065430A9
                                                  • GetTokenInformation.ADVAPI32(?,0000000A(TokenIntegrityLevel),?,00000038,00000024), ref: 065430C7
                                                  • CloseHandle.KERNEL32(?), ref: 065430D4
                                                  • CloseHandle.KERNEL32(?), ref: 065430F2
                                                  • CloseHandle.KERNEL32(?), ref: 06543110
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Heap$HandleProcess$Close$ErrorLast$CurrentFreeToken$AddressAllocInformationModuleOpenProcThread
                                                  • String ID: $$NtQueryInformationProcess$ntdll
                                                  • API String ID: 3769244208-1900231177
                                                  • Opcode ID: 8993818dba379a17b9d600649b906b695449d9bf5c0cae0ce5703153dc9f8822
                                                  • Instruction ID: 2207737fcb0fe5cb9b2c205c8623d4562396462483e7100fe77a75e5d385cedc
                                                  • Opcode Fuzzy Hash: 8993818dba379a17b9d600649b906b695449d9bf5c0cae0ce5703153dc9f8822
                                                  • Instruction Fuzzy Hash: 91515171D0020AEFDB50AFA5D89CBAEBBB9BF04319F0041A5EA15E7260E7309944DF51
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free_wcsncpy$_calloc_mbstowcs_memmove$_memset_wcscpy
                                                  • String ID: https$pipe$tcp
                                                  • API String ID: 1390386863-2240554849
                                                  • Opcode ID: e345e8518283e9446ea7aef0c323b0724ee3921f815740dcaccd0b4a9dfe2a5a
                                                  • Instruction ID: da43f14958e2ed9c9ac45f9b4d3d41163c182ed3a4db638bfb7ad58b0ba1c4e5
                                                  • Opcode Fuzzy Hash: e345e8518283e9446ea7aef0c323b0724ee3921f815740dcaccd0b4a9dfe2a5a
                                                  • Instruction Fuzzy Hash: 22712EBDD41308BBEB10EBA88D85F9A77BDAF15700F044455AA09F7241E7B49A448FA2
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$Library_free_memset_strlen$ErrorFreeLastLoad_mallochtonl
                                                  • String ID: EnumProcessModules$GetModuleBaseNameA$GetModuleFileNameExA$psapi
                                                  • API String ID: 1722594215-4146384186
                                                  • Opcode ID: 0d1f2f34b727b73bc652d03d537fd285a0624d1cc5f0b13a65cc1fc2cba59d92
                                                  • Instruction ID: d792aa27702ed1eb6c434bc02e9e0b5e1ba4ec9ee7e104f9e14a299ad97ea10c
                                                  • Opcode Fuzzy Hash: 0d1f2f34b727b73bc652d03d537fd285a0624d1cc5f0b13a65cc1fc2cba59d92
                                                  • Instruction Fuzzy Hash: A5615075E4022AAFDB11DFA8DC45AEEBBB9FF08344F1400A9F919E6240DB719650DF90
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(user32.dll), ref: 02B5E6DD
                                                  • LoadLibraryA.KERNEL32(psapi.dll), ref: 02B5E6E6
                                                  • LoadLibraryA.KERNEL32(kernel32.dll), ref: 02B5E6F2
                                                  • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 02B5E70C
                                                  • LoadLibraryA.KERNEL32(Psapi.dll), ref: 02B5E71C
                                                  • GetProcAddress.KERNEL32(00000000,GetProcessImageFileNameW), ref: 02B5E728
                                                  • GetProcAddress.KERNEL32(?,GetProcessImageFileNameW), ref: 02B5E73B
                                                  • GetProcAddress.KERNEL32(00000000,GetRawInputData), ref: 02B5E74C
                                                  • FreeLibrary.KERNEL32(00000000), ref: 02B5E758
                                                  • GetProcAddress.KERNEL32(00000000,RegisterRawInputDevices), ref: 02B5E76D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressLibraryProc$Load$Free
                                                  • String ID: GetProcessImageFileNameW$GetRawInputData$Psapi.dll$QueryFullProcessImageNameW$RegisterRawInputDevices$kernel32.dll$psapi.dll$user32.dll
                                                  • API String ID: 3890210519-1542674857
                                                  • Opcode ID: 8e0d84ffea04e798f275a3bf0fdefdc73e21a46ffbcc7a7d7c23d24ee886155d
                                                  • Instruction ID: 6c5deebb09f5da538ed048aad8dab21b056252f90157a204cb23734f79218e96
                                                  • Opcode Fuzzy Hash: 8e0d84ffea04e798f275a3bf0fdefdc73e21a46ffbcc7a7d7c23d24ee886155d
                                                  • Instruction Fuzzy Hash: 4711AC31E8172B7B7B216B7E5D82A2AB7DCDF51584B0104F2FE29D7110EBB1CA019A60
                                                  APIs
                                                  • _memset.LIBCMT ref: 06541DC6
                                                  • CreateNamedPipeA.KERNEL32(?,00000003,00000004,00000001,00000000,00000000,00000000,00000000), ref: 06541E01
                                                  • GetLastError.KERNEL32 ref: 06541E14
                                                  • GetHandleInformation.KERNEL32(?,?), ref: 06541EBB
                                                  • CloseHandle.KERNEL32(?), ref: 06541EC6
                                                  • RevertToSelf.ADVAPI32 ref: 06541EEA
                                                  • GetLastError.KERNEL32 ref: 06541EF0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorHandleLast$CloseCreateInformationNamedPipeRevertSelf_memset
                                                  • String ID: Lu
                                                  • API String ID: 544155406-2287933675
                                                  • Opcode ID: 88d0b5ec18409d0726c2b8f3d3341fcae3f82649aa29187b0a039bf8b1c864e4
                                                  • Instruction ID: 0a1368d73b12f0488a75aadde1f7a4e88864daaa2a7267827b420c95dafe2fca
                                                  • Opcode Fuzzy Hash: 88d0b5ec18409d0726c2b8f3d3341fcae3f82649aa29187b0a039bf8b1c864e4
                                                  • Instruction Fuzzy Hash: D7416175A00706EFEB60AFA0D89CA6A7FB9FF04258F0040A5FA05D7650E7309D949FA0
                                                  APIs
                                                  • CoInitialize.OLE32(00000000), ref: 02B61042
                                                  • CoCreateInstance.COMBASE(02B928D4,00000000,00000003,02B92924,00000001), ref: 02B61059
                                                  • CoCreateInstance.COMBASE(02B928C4,00000000,00000003,02B92944,?), ref: 02B61100
                                                  • CoCreateInstance.COMBASE(02B928B4,00000000,00000003,02B92954,?), ref: 02B6113C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: CreateInstance$Initialize
                                                  • String ID: NullRenderer$SampleGrabber$WebCam$X$vids
                                                  • API String ID: 1108742289-4232756209
                                                  • Opcode ID: 826fa5bb0e18450acd4bdccb025d67294fc484a24404e77a89144a0c7f73dee5
                                                  • Instruction ID: f33975454593ef743ce0ba3986d6d58991e81080216571c09ae83dc4977cfdf0
                                                  • Opcode Fuzzy Hash: 826fa5bb0e18450acd4bdccb025d67294fc484a24404e77a89144a0c7f73dee5
                                                  • Instruction Fuzzy Hash: 8BC16E71A11211AFDF15CF58C888EAA77B5EF48B14B1581E8FD0AAF350DB75E804CB90
                                                  APIs
                                                  • _memset.LIBCMT ref: 06541F1E
                                                  • _memset.LIBCMT ref: 06541F32
                                                  • _memset.LIBCMT ref: 06541F44
                                                  • GetVersionExA.KERNEL32(00000094,?,?,?,?,?,?,?,00000000,?), ref: 06541F5D
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?), ref: 06541F67
                                                  • SetLastError.KERNEL32(00000078,?,?,?,?,?,?,?,00000000,?), ref: 06541F85
                                                  • __snprintf_s.LIBCMT ref: 06541FC4
                                                  • __snprintf_s.LIBCMT ref: 06541FDF
                                                  • CreateSemaphoreA.KERNEL32(00000000,00000000,00000001,00000000), ref: 06541FEC
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,000000A0), ref: 065420F5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _memset$ErrorLast__snprintf_s$CloseCreateHandleSemaphoreVersion
                                                  • String ID: \\.\pipe\%s$cmd.exe /c echo %s > %s
                                                  • API String ID: 2333530140-3579833515
                                                  • Opcode ID: a23f7f2417cf0e4f6ef2622f92c6f102c87803f27c107f6d7ef1ac6a083b057a
                                                  • Instruction ID: 1671743c80cfc39b1a4a63d52025548fc6f7791e31d1a2a43a7c7e8cc032f6a2
                                                  • Opcode Fuzzy Hash: a23f7f2417cf0e4f6ef2622f92c6f102c87803f27c107f6d7ef1ac6a083b057a
                                                  • Instruction Fuzzy Hash: EC518171A05319AFEB60AB60DC9CFAA7BBDFF45358F0000E9F50996140EB709A45DB61
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: htonl$ContextErrorLastThread_memset_strlen
                                                  • String ID: eax$ebp$ebx$ecx$edi$edx$eflags$eip$esi$esp
                                                  • API String ID: 3531956774-2196928098
                                                  • Opcode ID: d3f668077e00ff6c9448b3f2654511d89fe03e377968499e360276cced34222a
                                                  • Instruction ID: 09bf0af07b549ea9f0305432b014357a630a58bdeedff283fd12915504084d57
                                                  • Opcode Fuzzy Hash: d3f668077e00ff6c9448b3f2654511d89fe03e377968499e360276cced34222a
                                                  • Instruction Fuzzy Hash: AE51C0B2D142199FDF10CFA9E948B9EBBF9BB48344F2081EAE51CAB201D7704A44DF54
                                                  APIs
                                                  • WinHttpOpenRequest.WINHTTP(?,GET,?,00000000,00000000,00000000,00000100), ref: 028D95E7
                                                  • SetLastError.KERNEL32(00000490), ref: 028D95F8
                                                  • WinHttpGetIEProxyConfigForCurrentUser.WINHTTP(?), ref: 028D9623
                                                  • _calloc.LIBCMT ref: 028D964C
                                                  • GlobalFree.KERNEL32(00000000), ref: 028D96F1
                                                  • GlobalFree.KERNEL32(00000000), ref: 028D9700
                                                  • GlobalFree.KERNEL32(00000000), ref: 028D970F
                                                  • WinHttpSetOption.WINHTTP(00000000,00001003,?,00000000), ref: 028D9761
                                                  • WinHttpSetOption.WINHTTP(00000000,0000001F,?,00000004), ref: 028D977B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Http$FreeGlobal$Option$ConfigCurrentErrorLastOpenProxyRequestUser_calloc
                                                  • String ID: GET$POST
                                                  • API String ID: 3023714100-3192705859
                                                  • Opcode ID: 4349280ee7443e1ca2f5c48e74058e9181a5c5db98c259d619ee37f561e37818
                                                  • Instruction ID: 9948f76b95c206485a7d96cdd7cccc1550eaed18a371b02c616356149a1764fb
                                                  • Opcode Fuzzy Hash: 4349280ee7443e1ca2f5c48e74058e9181a5c5db98c259d619ee37f561e37818
                                                  • Instruction Fuzzy Hash: 01517F7CD00304EFEB219F95D948BAABBF9FF84305F10492AE94AE6690D7B09944CF50
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B59F5B
                                                  • LoadLibraryA.KERNEL32(psapi,02B5950D,00000000), ref: 02B59F6B
                                                  • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 02B59F8A
                                                  • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 02B59F94
                                                  • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 02B59F9F
                                                  • _memset.LIBCMT ref: 02B5A00C
                                                  • _memset.LIBCMT ref: 02B5A027
                                                  • _memset.LIBCMT ref: 02B5A042
                                                  • OpenProcess.KERNEL32(00000410,00000000,?), ref: 02B5A05C
                                                  • CloseHandle.KERNEL32(?), ref: 02B5A091
                                                  • FreeLibrary.KERNEL32(00000000), ref: 02B5A116
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _memset$AddressProc$Library$CloseFreeHandleLoadOpenProcess
                                                  • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$psapi
                                                  • API String ID: 1093915429-2992890082
                                                  • Opcode ID: 780871e56c0e28653327153d19e085f21235c9bc494fa2faee426d23e7ef6657
                                                  • Instruction ID: 1af087f16b395252b03280bc280f1179c64a05ec7ac4f43c59c241c1988ef6dc
                                                  • Opcode Fuzzy Hash: 780871e56c0e28653327153d19e085f21235c9bc494fa2faee426d23e7ef6657
                                                  • Instruction Fuzzy Hash: 4A51747594022DBBEB20DB948C46FEEBBBDEF04744F0081B5E904A6190DB709A919F90
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B5A4DA
                                                  • _memset.LIBCMT ref: 02B5A4F1
                                                  • _wmemset.LIBCMT ref: 02B5A513
                                                  • OpenProcess.KERNEL32(00000400,00000000,?,?,?,00000000,?,?,?,?,?,00000000), ref: 02B5A524
                                                  • OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,00000000,?,?,?,?,?,00000000), ref: 02B5A53B
                                                  • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000), ref: 02B5A554
                                                  • _malloc.LIBCMT ref: 02B5A55D
                                                    • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
                                                    • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
                                                    • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
                                                  • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,?,?,?,?,00000000,?,?,?,?,?,00000000), ref: 02B5A577
                                                  • LookupAccountSidW.ADVAPI32(00000000,?,?,?,?,?,?), ref: 02B5A5AC
                                                  • __snwprintf.LIBCMT ref: 02B5A5D0
                                                  • _free.LIBCMT ref: 02B5A5DC
                                                  • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,00000000), ref: 02B5A5F1
                                                  • CloseHandle.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,00000000), ref: 02B5A5F8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Token$CloseHandleInformationOpenProcess_memset$AccountAllocateHeapLookup__snwprintf_free_malloc_wmemset
                                                  • String ID: %s\%s
                                                  • API String ID: 2758612560-4073750446
                                                  • Opcode ID: fb9ae1e3a2345ebec6bfe14b69eeb2b70b4535762c21e3728716f75d892b384e
                                                  • Instruction ID: 7c37e4f55314a7c419001f7c74b9748856cd95782b487506792d826a6a1c4b90
                                                  • Opcode Fuzzy Hash: fb9ae1e3a2345ebec6bfe14b69eeb2b70b4535762c21e3728716f75d892b384e
                                                  • Instruction Fuzzy Hash: 6E412AB1900129ABDB11DF95DC85EEFBBBCFF04650F1081A6F919A6110EB318A959BA0
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B56184
                                                  • inet_addr.WS2_32(00000000), ref: 02B56193
                                                  • inet_addr.WS2_32(00000000), ref: 02B56199
                                                  • inet_addr.WS2_32(00000000), ref: 02B5619F
                                                  • GetModuleHandleA.KERNEL32(iphlpapi,GetBestInterface), ref: 02B561CB
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B561D4
                                                  • GetModuleHandleA.KERNEL32(iphlpapi,GetIpInterfaceEntry), ref: 02B561FD
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B56200
                                                  • _memset.LIBCMT ref: 02B5628A
                                                  • CreateIpForwardEntry.IPHLPAPI(?), ref: 02B562C4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: inet_addr$AddressHandleModuleProc_memset$CreateEntryForward
                                                  • String ID: GetBestInterface$GetIpInterfaceEntry$iphlpapi
                                                  • API String ID: 3867122599-3963187488
                                                  • Opcode ID: 5d26eaf44919d66f5a370c8bad6f0df0439300613e5f7483dd01ff9bcc37c506
                                                  • Instruction ID: 2a225662aa346ef6bdb64646125b23df4cfb719efe7a1ae4ae60af72494fc111
                                                  • Opcode Fuzzy Hash: 5d26eaf44919d66f5a370c8bad6f0df0439300613e5f7483dd01ff9bcc37c506
                                                  • Instruction Fuzzy Hash: E6414AB1D00329ABDB109FA9CC81B9EBBB9FF09340F4041AAE50CB7250D7718A85CF91
                                                  APIs
                                                  • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 02B52929
                                                  • LoadLibraryA.KERNEL32(?,?,?,?,00000000,00000002), ref: 02B5296F
                                                  • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 02B52989
                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00000000,00000002), ref: 02B52994
                                                  • LoadLibraryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00000002), ref: 02B529D1
                                                  • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 02B529E3
                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,00000002), ref: 02B529EE
                                                  • GetProcAddress.KERNEL32(00000000,02B9169C), ref: 02B529FD
                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,00000002), ref: 02B52A14
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Library$AddressFreeProc$Load$DirectorySystem
                                                  • String ID: \ws2_32$\wship6$freeaddrinfo$getaddrinfo$getnameinfo
                                                  • API String ID: 2490988753-744132762
                                                  • Opcode ID: 276acedfc8e4aef134b1637d8b393f872762c5046d17d3bb66fbe406ec92ba59
                                                  • Instruction ID: de022b8ecdad6ea4ef7ad78b46de140a6ae519dfa1158f989103e6ba509637ae
                                                  • Opcode Fuzzy Hash: 276acedfc8e4aef134b1637d8b393f872762c5046d17d3bb66fbe406ec92ba59
                                                  • Instruction Fuzzy Hash: 0431A776D022396BDB21DF989D49BDF7BACEB15744F0405E1ED18A7200D33099508EE0
                                                  APIs
                                                  • GetCurrentThread.KERNEL32 ref: 0654312D
                                                  • OpenSCManagerA.ADVAPI32(00000000,00000000,00000001), ref: 0654313F
                                                  • GetLastError.KERNEL32 ref: 0654314B
                                                  • OpenServiceA.ADVAPI32(00000000,rpcss,00000004), ref: 06543160
                                                  • GetLastError.KERNEL32 ref: 0654316C
                                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 065431F1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastOpenService$CloseCurrentHandleManagerThread
                                                  • String ID: rpcss
                                                  • API String ID: 3906103551-2843778020
                                                  • Opcode ID: c3629fd888c85ad698381358eb3c32f79e035a8d7e03bef4ab12e2b54c883418
                                                  • Instruction ID: 28eb09512a2fa185d6000dfc105aba5191b74e02ce066632fbd92c0d03857f9a
                                                  • Opcode Fuzzy Hash: c3629fd888c85ad698381358eb3c32f79e035a8d7e03bef4ab12e2b54c883418
                                                  • Instruction Fuzzy Hash: A1216036904315BFDB506BA1DC5D9AE7FB9FF08269B4004A6FB06D2160FB7199089FA0
                                                  APIs
                                                  • LoadLibraryW.KERNEL32(ntdll), ref: 028D4898
                                                  • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 028D48B9
                                                  • GetProcAddress.KERNEL32(00000000,NtQueryAttributesFile), ref: 028D48C3
                                                  • GetProcAddress.KERNEL32(?,NtOpenFile), ref: 028D48CF
                                                  • GetProcAddress.KERNEL32(?,NtCreateSection), ref: 028D48DC
                                                  • GetProcAddress.KERNEL32(?,NtOpenSection), ref: 028D48E9
                                                  • GetProcAddress.KERNEL32(?,NtClose), ref: 028D48F6
                                                    • Part of subcall function 028D480E: WriteProcessMemory.KERNEL32(000000FF,028D47B3,?,00000005,?,?,?,028D4914,?,00000000,?,028D47B3,?,?), ref: 028D4826
                                                    • Part of subcall function 028D480E: VirtualQuery.KERNEL32(?,?,0000001C,?,?), ref: 028D4841
                                                    • Part of subcall function 028D480E: VirtualProtect.KERNEL32(?,00000040,00000040,?,?,?), ref: 028D4859
                                                    • Part of subcall function 028D480E: VirtualProtect.KERNEL32(?,?,?,?,?,?), ref: 028D4876
                                                    • Part of subcall function 028D480E: FlushInstructionCache.KERNEL32(000000FF,?,?,?,?), ref: 028D4880
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AddressProc$Virtual$Protect$CacheFlushInstructionLibraryLoadMemoryProcessQueryWrite
                                                  • String ID: NtClose$NtCreateSection$NtMapViewOfSection$NtOpenFile$NtOpenSection$NtQueryAttributesFile$ntdll
                                                  • API String ID: 1694779802-2731749698
                                                  • Opcode ID: 068a7acc115fbddb829211ec7d15e63f1d1f39197451dd39055f4319877ab43a
                                                  • Instruction ID: c8b70f8436b25aab15e5d32a07f63b6c344348c475f50c3f683bba98a4dc454d
                                                  • Opcode Fuzzy Hash: 068a7acc115fbddb829211ec7d15e63f1d1f39197451dd39055f4319877ab43a
                                                  • Instruction Fuzzy Hash: 2C316D7EE40228BAEB10ABA58C45CEFBF78EF49B90F004115FA19A3200C7746A14DBD1
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(ntdll,?,?,?,?,028D4627), ref: 028D4A18
                                                  • GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 028D4A39
                                                  • GetProcAddress.KERNEL32(00000000,NtQueryAttributesFile), ref: 028D4A43
                                                  • GetProcAddress.KERNEL32(028D4627,NtOpenFile), ref: 028D4A4F
                                                  • GetProcAddress.KERNEL32(028D4627,NtCreateSection), ref: 028D4A5C
                                                  • GetProcAddress.KERNEL32(028D4627,NtOpenSection), ref: 028D4A69
                                                  • GetProcAddress.KERNEL32(028D4627,NtClose), ref: 028D4A76
                                                    • Part of subcall function 028D49AC: VirtualQuery.KERNEL32(?,?,0000001C,?,?,028D4A8E,?,00000000,?,?,00000000,?,?,?,?,028D4627), ref: 028D49BB
                                                    • Part of subcall function 028D49AC: VirtualProtect.KERNEL32(?,?,00000040,?,?,?,028D4A8E,?,00000000,?,?,00000000), ref: 028D49CD
                                                    • Part of subcall function 028D49AC: WriteProcessMemory.KERNEL32(000000FF,?,?,00000005,?,?,?,028D4A8E,?,00000000,?,?,00000000), ref: 028D49E1
                                                    • Part of subcall function 028D49AC: VirtualProtect.KERNEL32(?,?,?,00000000,?,?,028D4A8E,?,00000000,?,?,00000000), ref: 028D49F4
                                                    • Part of subcall function 028D49AC: FlushInstructionCache.KERNEL32(000000FF,?,?,?,?,028D4A8E,?,00000000,?,?,00000000,?,?,?,?,028D4627), ref: 028D4A02
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AddressProc$Virtual$Protect$CacheFlushInstructionLibraryLoadMemoryProcessQueryWrite
                                                  • String ID: NtClose$NtCreateSection$NtMapViewOfSection$NtOpenFile$NtOpenSection$NtQueryAttributesFile$ntdll
                                                  • API String ID: 1694779802-2731749698
                                                  • Opcode ID: 93b7abf0b3589bed4927febb230e326580fb3d94f78ec099ca89c13536991a63
                                                  • Instruction ID: 266a7c42587f8fed287581acbe09577d643f7d05cb67b534e8826819ce21db86
                                                  • Opcode Fuzzy Hash: 93b7abf0b3589bed4927febb230e326580fb3d94f78ec099ca89c13536991a63
                                                  • Instruction Fuzzy Hash: 3421307D940208BBEB00ABEA8C45DEFBFBDEB49750B004055FA08E3210D7B55A159EA2
                                                  APIs
                                                  • ConnectNamedPipe.KERNEL32(?,?), ref: 028D732E
                                                  • GetLastError.KERNEL32 ref: 028D7334
                                                  • GetOverlappedResult.KERNEL32(?,?,?,00000000), ref: 028D7372
                                                  • GetLastError.KERNEL32 ref: 028D737C
                                                  • ResetEvent.KERNEL32(?), ref: 028D739C
                                                  • _free.LIBCMT ref: 028D73D5
                                                  • ResetEvent.KERNEL32(00000000), ref: 028D7581
                                                  • ReadFile.KERNEL32(?,?,00010000,00000000,?), ref: 028D75A7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorEventLastReset$ConnectFileNamedOverlappedPipeReadResult_free
                                                  • String ID:
                                                  • API String ID: 1818538505-0
                                                  • Opcode ID: 233e152ab5f5f3605c4b16b9ec2f8e09350f5f3681eca9096e2cc07589a115a2
                                                  • Instruction ID: 7660e7c6ffb1635722f4be8e58852f07be9a1d9629810862676f5d48a341f27b
                                                  • Opcode Fuzzy Hash: 233e152ab5f5f3605c4b16b9ec2f8e09350f5f3681eca9096e2cc07589a115a2
                                                  • Instruction Fuzzy Hash: AC71E07DA40605BBD725AB74CC84FEAF76DFF09310F40462AF519D6180D770A9948FA2
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B5EC46
                                                  • _memset.LIBCMT ref: 02B5EC8F
                                                  • _memset.LIBCMT ref: 02B5EC9C
                                                  • htonl.WS2_32(?), ref: 02B5ECC7
                                                  • htonl.WS2_32(?), ref: 02B5EDFF
                                                  • htonl.WS2_32(?), ref: 02B5EE0B
                                                  • htonl.WS2_32(?), ref: 02B5EE16
                                                  • _strlen.LIBCMT ref: 02B5EE9B
                                                  • _free.LIBCMT ref: 02B5EEE5
                                                  • _free.LIBCMT ref: 02B5EEF3
                                                  • _free.LIBCMT ref: 02B5EF02
                                                  • LocalFree.KERNEL32(00000000), ref: 02B5EF11
                                                    • Part of subcall function 02B5F396: _malloc.LIBCMT ref: 02B5F3E7
                                                    • Part of subcall function 02B5F396: _memset.LIBCMT ref: 02B5F3F5
                                                    • Part of subcall function 02B5F396: LoadLibraryA.KERNEL32(?,02B99210,0000002C,02B5EDD0,?,?), ref: 02B5F402
                                                    • Part of subcall function 02B5F396: GetLastError.KERNEL32 ref: 02B5F40F
                                                    • Part of subcall function 02B5F396: _free.LIBCMT ref: 02B5FECB
                                                    • Part of subcall function 02B5F396: SetLastError.KERNEL32(00000057,02B99210,0000002C,02B5EDD0,?,?), ref: 02B5FED2
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free_memsethtonl$ErrorLast$FreeLibraryLoadLocal_malloc_strlen
                                                  • String ID: stdcall
                                                  • API String ID: 1256418880-1361542064
                                                  • Opcode ID: fe417a7f98b71e8b962acdb89101254f6ef800ea512aa15b4bc81f3e70eb7c48
                                                  • Instruction ID: 1644722d9bc7f6906794f6de06af165921aced91ff78ff03e4b4f09c0b2d8af9
                                                  • Opcode Fuzzy Hash: fe417a7f98b71e8b962acdb89101254f6ef800ea512aa15b4bc81f3e70eb7c48
                                                  • Instruction Fuzzy Hash: C9A1F8B1D00219AFDB50DFA9D945BEEBBB9FF08344F1404A9EA08EB251E7709A44CF54
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B59DC9
                                                  • LoadLibraryA.KERNEL32(kernel32,02B59500,00000000), ref: 02B59DD6
                                                  • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 02B59DF6
                                                  • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 02B59E01
                                                  • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 02B59E0C
                                                  • _memset.LIBCMT ref: 02B59E79
                                                  • _memset.LIBCMT ref: 02B59E94
                                                    • Part of subcall function 02B5A23E: _wmemset.LIBCMT ref: 02B5A268
                                                    • Part of subcall function 02B5A23E: OpenProcess.KERNEL32(00000410,00000000,?,?,00000000,00000000), ref: 02B5A279
                                                    • Part of subcall function 02B5A23E: LoadLibraryA.KERNEL32(psapi), ref: 02B5A28E
                                                    • Part of subcall function 02B5A23E: GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 02B5A2AC
                                                    • Part of subcall function 02B5A23E: FreeLibrary.KERNEL32(?), ref: 02B5A471
                                                    • Part of subcall function 02B5A23E: FreeLibrary.KERNEL32(?), ref: 02B5A47C
                                                    • Part of subcall function 02B5A23E: CloseHandle.KERNEL32(00000000), ref: 02B5A483
                                                    • Part of subcall function 02B5A23E: _wmemset.LIBCMT ref: 02B5A496
                                                    • Part of subcall function 02B5A4A7: _memset.LIBCMT ref: 02B5A4DA
                                                    • Part of subcall function 02B5A4A7: _memset.LIBCMT ref: 02B5A4F1
                                                    • Part of subcall function 02B5A4A7: _wmemset.LIBCMT ref: 02B5A513
                                                    • Part of subcall function 02B5A4A7: OpenProcess.KERNEL32(00000400,00000000,?,?,?,00000000,?,?,?,?,?,00000000), ref: 02B5A524
                                                    • Part of subcall function 02B5A4A7: OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,00000000,?,?,?,?,?,00000000), ref: 02B5A53B
                                                    • Part of subcall function 02B5A4A7: GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000), ref: 02B5A554
                                                    • Part of subcall function 02B5A4A7: _malloc.LIBCMT ref: 02B5A55D
                                                    • Part of subcall function 02B5A4A7: GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,?,?,?,?,00000000,?,?,?,?,?,00000000), ref: 02B5A577
                                                    • Part of subcall function 02B5A4A7: LookupAccountSidW.ADVAPI32(00000000,?,?,?,?,?,?), ref: 02B5A5AC
                                                    • Part of subcall function 02B59C8B: LoadLibraryA.KERNEL32(kernel32.dll,00000006,00000006,00000000,00000000,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?), ref: 02B59CB3
                                                    • Part of subcall function 02B59C8B: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02B59CC5
                                                    • Part of subcall function 02B59C8B: OpenProcess.KERNEL32(00000400,00000000,?,?,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?,02B57723), ref: 02B59CDE
                                                    • Part of subcall function 02B59C8B: OpenProcess.KERNEL32(00001000,00000000,?,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?,02B57723), ref: 02B59CF3
                                                    • Part of subcall function 02B59C8B: CloseHandle.KERNEL32(00000000,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?,02B57723,?,02B57723,?), ref: 02B59D20
                                                    • Part of subcall function 02B59C8B: FreeLibrary.KERNEL32(00000000,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?,02B57723,?,02B57723,?), ref: 02B59D28
                                                    • Part of subcall function 02B59A9F: _memset.LIBCMT ref: 02B59AB2
                                                    • Part of subcall function 02B59A9F: htonl.WS2_32(?), ref: 02B59ADD
                                                    • Part of subcall function 02B59A9F: _strlen.LIBCMT ref: 02B59B19
                                                    • Part of subcall function 02B59A9F: _strlen.LIBCMT ref: 02B59B4F
                                                    • Part of subcall function 02B59A9F: _strlen.LIBCMT ref: 02B59B83
                                                    • Part of subcall function 02B59A9F: htonl.WS2_32(?), ref: 02B59BA1
                                                    • Part of subcall function 02B59A9F: htonl.WS2_32(?), ref: 02B59BBC
                                                    • Part of subcall function 02B59A9F: htonl.WS2_32(?), ref: 02B59BD4
                                                  • CloseHandle.KERNEL32(00000000), ref: 02B59F1D
                                                  • FreeLibrary.KERNEL32(00000000), ref: 02B59F24
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Library$_memset$AddressOpenProcProcess$Freehtonl$CloseHandleLoadToken_strlen_wmemset$Information$AccountLookup_malloc
                                                  • String ID: CreateToolhelp32Snapshot$Process32FirstW$Process32NextW$kernel32
                                                  • API String ID: 459569308-2095122823
                                                  • Opcode ID: 90789e95a30a00b1788c2f500fca42bb6008e7da08714044a013315338a8ac77
                                                  • Instruction ID: ceb5dcf5eab41db23978f66d0f4af5db4cc7d226bbe0ec422c1f9bdfd5d2d057
                                                  • Opcode Fuzzy Hash: 90789e95a30a00b1788c2f500fca42bb6008e7da08714044a013315338a8ac77
                                                  • Instruction Fuzzy Hash: D3415B72E41229BADB21ABA48C45FEEB6BDEF05750F0041E6E908F6190D774AB508F90
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(psapi), ref: 02B595BD
                                                  • GetLastError.KERNEL32 ref: 02B595C9
                                                  • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 02B595E1
                                                  • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 02B595F4
                                                  • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 02B59607
                                                  • _memset.LIBCMT ref: 02B59621
                                                  • _memset.LIBCMT ref: 02B59634
                                                  • FreeLibrary.KERNEL32(00000000), ref: 02B596D9
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$Library_memset$ErrorFreeLastLoad
                                                  • String ID: EnumProcessModules$GetModuleBaseNameW$GetModuleFileNameExW$psapi
                                                  • API String ID: 474038332-3989420880
                                                  • Opcode ID: 3c26281b4dc5126e40eb2edbda5852eecf56934cb85a9821333e559cb1002dae
                                                  • Instruction ID: 2e6efebfa16fa59f96fdc60473f4ecfa4b7d87c6fe3d060f662a9a7bb2749c29
                                                  • Opcode Fuzzy Hash: 3c26281b4dc5126e40eb2edbda5852eecf56934cb85a9821333e559cb1002dae
                                                  • Instruction Fuzzy Hash: 9541BE35D4061AEBEB119BA48D45FAE7BBEFF04740F0000A5FE19E7150EBB19A548FA4
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(02000000,?), ref: 06542E84
                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 06542E8B
                                                  • GetLastError.KERNEL32 ref: 06542E95
                                                  • GetModuleHandleA.KERNEL32(ntdll), ref: 06542EA7
                                                  • GetProcAddress.KERNEL32(00000000,NtQueryObject), ref: 06542EB8
                                                  • GetLastError.KERNEL32 ref: 06542EC4
                                                  • CloseHandle.KERNEL32(00000000), ref: 06542F43
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorHandleLastProcess$AddressCloseCurrentModuleOpenProcToken
                                                  • String ID: NtQueryObject$ntdll
                                                  • API String ID: 449023873-2921792543
                                                  • Opcode ID: a2e0885f2ec0b5d2b1a1086a6dfccdcba756e03c35a6af3b04eeeae45ef54b30
                                                  • Instruction ID: f9c240797c54de8462c3f783ffc6ac8487f7bfacf34de72c838bd1b81d3c5814
                                                  • Opcode Fuzzy Hash: a2e0885f2ec0b5d2b1a1086a6dfccdcba756e03c35a6af3b04eeeae45ef54b30
                                                  • Instruction Fuzzy Hash: 8421B571901325BFEB516FA0DC9DB6EBF6DFF04759F4100A6FA01A6110E7709E049AA0
                                                  APIs
                                                  • _malloc.LIBCMT ref: 028DA64E
                                                    • Part of subcall function 028E00B0: __FF_MSGBANNER.LIBCMT ref: 028E00C7
                                                    • Part of subcall function 028E00B0: __NMSG_WRITE.LIBCMT ref: 028E00CE
                                                    • Part of subcall function 028E00B0: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,028E9533,?,?,?,00000000,?,028E98AE,00000018,028F5608), ref: 028E00F3
                                                  • _memset.LIBCMT ref: 028DA664
                                                  • GetCurrentThreadId.KERNEL32 ref: 028DA66C
                                                    • Part of subcall function 028DA5A7: _malloc.LIBCMT ref: 028DA5AA
                                                  • LoadLibraryA.KERNEL32(kernel32.dll,?,?,000000FF,?,?,?,?,?,?,?,?,?,028D7D6F), ref: 028DA681
                                                  • GetProcAddress.KERNEL32(00000000,OpenThread), ref: 028DA692
                                                  • LoadLibraryA.KERNEL32(ntdll.dll,?,?,000000FF,?,?,?,?,?,?,?,?,?,028D7D6F), ref: 028DA6AE
                                                  • GetProcAddress.KERNEL32(00000000,NtOpenThread), ref: 028DA6BD
                                                  • FreeLibrary.KERNEL32(?,?,?,000000FF,?,?,?,?,?,?,?,?,?,028D7D6F), ref: 028DA6FA
                                                  • FreeLibrary.KERNEL32(00000000,?,?,000000FF,?,?,?,?,?,?,?,?,?,028D7D6F), ref: 028DA701
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Library$AddressFreeLoadProc_malloc$AllocateCurrentHeapThread_memset
                                                  • String ID: NtOpenThread$OpenThread$kernel32.dll$ntdll.dll
                                                  • API String ID: 4115028961-1307226884
                                                  • Opcode ID: 26a18e7388c2652f7e59a69339d5568fc0c0821d32b6d8edfef87d9e76a5dd9b
                                                  • Instruction ID: a5d59a17a9c3a7afc14b0ab510ce7b1c2e5173d04ebdbccd941ccc6cf80fd956
                                                  • Opcode Fuzzy Hash: 26a18e7388c2652f7e59a69339d5568fc0c0821d32b6d8edfef87d9e76a5dd9b
                                                  • Instruction Fuzzy Hash: 0C21623DE80205FFEB509BE9D849F9EB7B8AF48711F104819E606E2280DB7495158F95
                                                  APIs
                                                  • GetProcessHeap.KERNEL32(00000001,00000000,028DFC9A,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFDD8
                                                  • HeapAlloc.KERNEL32(00000000,00000008,00000004,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFDFA
                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,00000000,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFE13
                                                  • LoadLibraryA.KERNEL32(ntdll.dll,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFE24
                                                  • GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess), ref: 028DFE42
                                                  • GetProcAddress.KERNEL32(00000000,NtQueryObject), ref: 028DFE56
                                                  • GetProcAddress.KERNEL32(00000000,ZwSetIoCompletion), ref: 028DFE7B
                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFEB8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AddressHeapProc$AllocFreeHandleLibraryLoadModuleProcess
                                                  • String ID: NtQueryInformationProcess$NtQueryObject$ZwSetIoCompletion$ntdll.dll$ntdll.dll
                                                  • API String ID: 1214976393-4151392055
                                                  • Opcode ID: 6602c2553097e2f3740f9dc410f44e34c844f19547e9b12c1de36fb641322e4b
                                                  • Instruction ID: c15b32e136bcbd860071efe6203ad7365cbe39b5b50d88fd04c0c9e324d54f6c
                                                  • Opcode Fuzzy Hash: 6602c2553097e2f3740f9dc410f44e34c844f19547e9b12c1de36fb641322e4b
                                                  • Instruction Fuzzy Hash: 41217A3EA80201DBE391CF759488F263BA4BB58646B04482AEB0EDA6C1DB759859DB40
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B549EC
                                                  • CoInitialize.OLE32(00000000), ref: 02B549F6
                                                  • LoadLibraryA.KERNEL32(query.dll,00000000,?,02B54803,?), ref: 02B54A0A
                                                  • GetLastError.KERNEL32(?,02B54803,?), ref: 02B54A17
                                                  • GetProcAddress.KERNEL32(00000000,LocateCatalogsW), ref: 02B54A2B
                                                  • GetProcAddress.KERNEL32(C4830000,CIMakeICommand), ref: 02B54A3C
                                                  • GetProcAddress.KERNEL32(C4830000,CITextToFullTree), ref: 02B54A4D
                                                  • CoCreateInstance.COMBASE(02B91764,00000000,00000017,02B91784,02B5480B), ref: 02B54A6E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$CreateErrorInitializeInstanceLastLibraryLoad_memset
                                                  • String ID: CIMakeICommand$CITextToFullTree$LocateCatalogsW$SystemIndex$query.dll
                                                  • API String ID: 1786312239-973766530
                                                  • Opcode ID: 6b06a995c07921aa33838d2136fa84a76b1681328e057cd77c4a0f9b2dbc37d3
                                                  • Instruction ID: 7d7f8db9e1111e8c743b608be3597059004e29bf8d49069e042140e7bdd6701a
                                                  • Opcode Fuzzy Hash: 6b06a995c07921aa33838d2136fa84a76b1681328e057cd77c4a0f9b2dbc37d3
                                                  • Instruction Fuzzy Hash: EC217C30650313ABEB219F2ADD45F527BF8AF45B84F0004A8F55AEB560EBB0F444AA65
                                                  APIs
                                                  • _memmove.LIBCMT ref: 028D77DE
                                                  • htonl.WS2_32(?), ref: 028D7815
                                                  • _calloc.LIBCMT ref: 028D7881
                                                  • htonl.WS2_32(?), ref: 028D789C
                                                  • _memcmp.LIBCMT ref: 028D78D3
                                                  • _memcmp.LIBCMT ref: 028D790E
                                                    • Part of subcall function 028E0AD0: _malloc.LIBCMT ref: 028E0ADC
                                                  • _memmove.LIBCMT ref: 028D791E
                                                    • Part of subcall function 028D769F: CloseHandle.KERNEL32(89C03359,00000000,?,028D7943,?), ref: 028D76B6
                                                    • Part of subcall function 028D769F: CloseHandle.KERNEL32(0F078902,00000000,?,028D7943,?), ref: 028D76E2
                                                    • Part of subcall function 028D769F: _free.LIBCMT ref: 028D76F7
                                                    • Part of subcall function 028D769F: _free.LIBCMT ref: 028D7705
                                                  • _free.LIBCMT ref: 028D7944
                                                    • Part of subcall function 028E0078: RtlFreeHeap.NTDLL(00000000,00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?), ref: 028E008C
                                                    • Part of subcall function 028E0078: GetLastError.KERNEL32(00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?,?), ref: 028E009E
                                                  • CoCreateGuid.OLE32(?), ref: 028D7954
                                                  • htonl.WS2_32(?), ref: 028D795C
                                                  • htons.WS2_32(?), ref: 028D7972
                                                  • htons.WS2_32(?), ref: 028D7983
                                                  • _calloc.LIBCMT ref: 028D7998
                                                  • _free.LIBCMT ref: 028D79FF
                                                  • _memmove.LIBCMT ref: 028D7A5A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$_memmovehtonl$CloseHandle_calloc_memcmphtons$CreateErrorFreeGuidHeapLast_malloc
                                                  • String ID:
                                                  • API String ID: 2366856222-0
                                                  • Opcode ID: 2bbaeb54dbdc6d199ccd4680233fa502072ab5a2f745cce08e351d69667089e1
                                                  • Instruction ID: ca625d8606948cee25cc7acc69f5da5be8747a4c785578f940db19b0b7470bc3
                                                  • Opcode Fuzzy Hash: 2bbaeb54dbdc6d199ccd4680233fa502072ab5a2f745cce08e351d69667089e1
                                                  • Instruction Fuzzy Hash: D581A27A900204BBDB109F68DC84BEA77A9EF09310F08407AFD48DF256DBB49594CFA1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free_wcsncpy$_calloc_mbstowcs_memmove$_memset_wcscpy
                                                  • String ID:
                                                  • API String ID: 1390386863-0
                                                  • Opcode ID: c3eccec42bab27186596fd7f2be50aa59ad1f7087ac920ba5974535d381c4250
                                                  • Instruction ID: b0a7545e422f740d73f39cd604bd334d5155ad72f0ec9e30915d4da970d4c52f
                                                  • Opcode Fuzzy Hash: c3eccec42bab27186596fd7f2be50aa59ad1f7087ac920ba5974535d381c4250
                                                  • Instruction Fuzzy Hash: 497134B9D01309BBEB10EBA8CD95FDF77BDAF14704F104455A604F7241EB75AA408BA1
                                                  APIs
                                                  • _malloc.LIBCMT ref: 02B5BD29
                                                  • SetLastError.KERNEL32(00000008,028F8570,?,00000000,?,02B5BF00,?,?), ref: 02B5BD3A
                                                  • _memset.LIBCMT ref: 02B5BD4A
                                                  • _memmove.LIBCMT ref: 02B5BD56
                                                  • _strlen.LIBCMT ref: 02B5BD62
                                                  • _free.LIBCMT ref: 02B5BD95
                                                  • _strlen.LIBCMT ref: 02B5BD9D
                                                  • _calloc.LIBCMT ref: 02B5BDBB
                                                  • SetLastError.KERNEL32(00000008,?,?,?,028F8570,?,00000000,?,02B5BF00,?,?), ref: 02B5BDCD
                                                  • _strlen.LIBCMT ref: 02B5BDEB
                                                  • _wcscpy.LIBCMT ref: 02B5BE16
                                                  • _free.LIBCMT ref: 02B5BE2B
                                                    • Part of subcall function 02B79C1A: RtlFreeHeap.NTDLL(00000000,00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?), ref: 02B79C2E
                                                    • Part of subcall function 02B79C1A: GetLastError.KERNEL32(00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?,?), ref: 02B79C40
                                                  • _strlen.LIBCMT ref: 02B5BE34
                                                  • _free.LIBCMT ref: 02B5BE52
                                                  • SetLastError.KERNEL32(000000A0,00000000,?,02B5BF00,?,?), ref: 02B5BE63
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast_strlen$_free$FreeHeap_calloc_malloc_memmove_memset_wcscpy
                                                  • String ID:
                                                  • API String ID: 2112303734-0
                                                  • Opcode ID: 5aa660e4ebeb75ad1248d8c4ed440f87da4d43b5b9cf028c3577531040241149
                                                  • Instruction ID: 8d7d3a49b0e8fdc481f838c80366605b8951b467dea33bd96b3daa58e15ce826
                                                  • Opcode Fuzzy Hash: 5aa660e4ebeb75ad1248d8c4ed440f87da4d43b5b9cf028c3577531040241149
                                                  • Instruction Fuzzy Hash: A241F976D00225AFDB10EFA8C845BAEB7F9EF45364F1844E9ED14EB244DB7199018F90
                                                  Strings
                                                  • AND DIRECTORY='%s:%s', xrefs: 02B551DE
                                                  • AND System.DateModified<='%04d-%02d-%02dT%02d:%02d:%02d', xrefs: 02B552BA
                                                  • AND SCOPE='%s:%s', xrefs: 02B551D7
                                                  • AND System.DateModified>='%04d-%02d-%02dT%02d:%02d:%02d', xrefs: 02B55256
                                                  • size,path,write, xrefs: 02B5518F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: AND System.DateModified<='%04d-%02d-%02dT%02d:%02d:%02d'$ AND System.DateModified>='%04d-%02d-%02dT%02d:%02d:%02d'$AND DIRECTORY='%s:%s'$AND SCOPE='%s:%s'$size,path,write
                                                  • API String ID: 0-3277289244
                                                  • Opcode ID: 0d9532ea3cb26b2a566216c5379f2538ee7f528989c7dbfc7b04495349a4a3b1
                                                  • Instruction ID: 4cd037ec74d1299df22caa8605c8195beb34e71561011cec2caa72481d457a05
                                                  • Opcode Fuzzy Hash: 0d9532ea3cb26b2a566216c5379f2538ee7f528989c7dbfc7b04495349a4a3b1
                                                  • Instruction Fuzzy Hash: 02C16270A1021ABFDF24CFA9D884EAE7BB9FF48709B144099F905EB250DB75D941CB60
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _memset$___ascii_memicmp_wcsrchr_wcsstr
                                                  • String ID: $($file:$iehistory:$mapi:
                                                  • API String ID: 743028853-2653554846
                                                  • Opcode ID: 479fd47305997b3d92312a45df0978af2516ce0ec71976541881bdec8fa26483
                                                  • Instruction ID: d7b66f1b19d0d45fdc9cbd192fdc32733357589fc1fefefff25a768beed650ae
                                                  • Opcode Fuzzy Hash: 479fd47305997b3d92312a45df0978af2516ce0ec71976541881bdec8fa26483
                                                  • Instruction Fuzzy Hash: B1B141B1D00329AFDB258F99DC84FAEB779EF45714F1041E9E908AB251D7709E818FA0
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B5D772
                                                  • _memset.LIBCMT ref: 02B5D786
                                                  • WaitForSingleObject.KERNEL32(?,00007530), ref: 02B5D8E9
                                                  • GetExitCodeThread.KERNEL32(?,?), ref: 02B5D910
                                                  • GetCurrentProcessId.KERNEL32(?,?,?), ref: 02B5D977
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _memset$CodeCurrentExitObjectProcessSingleThreadWait
                                                  • String ID: /s /q:%d /p:0x%08X$\\.\pipe\%08X
                                                  • API String ID: 3620379678-3807318313
                                                  • Opcode ID: b86490e28327752dae264b3a86234883234199f0fe2f37f42b9d53ee49546581
                                                  • Instruction ID: 3904700be75869e35b3b1fee3d6737374e3d484aba8e00997b07874b6c6e1fb0
                                                  • Opcode Fuzzy Hash: b86490e28327752dae264b3a86234883234199f0fe2f37f42b9d53ee49546581
                                                  • Instruction Fuzzy Hash: 4661AF71D4021AAFDB009BA8DC89FEE77B9FF08344F0405E5F909AB251D7759A54CBA0
                                                  APIs
                                                  • CreateNamedPipeA.KERNEL32(?,00000003,00000004,00000002,00000000,00000000,00000000,00000000), ref: 02B5DADB
                                                  • GetLastError.KERNEL32 ref: 02B5DAE7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: CreateErrorLastNamedPipe
                                                  • String ID:
                                                  • API String ID: 4201769729-0
                                                  • Opcode ID: b9a90e4fbe503e0062c5e13dff4d8f0ca52c64b74fe9dfbdf0f67947639d624c
                                                  • Instruction ID: 3e142ae62a5bf985c129f6229f24c348a48168b76b4585ddbeef623a219964f4
                                                  • Opcode Fuzzy Hash: b9a90e4fbe503e0062c5e13dff4d8f0ca52c64b74fe9dfbdf0f67947639d624c
                                                  • Instruction Fuzzy Hash: 7141A375D40627BFEB209F54C949FBE77B9EB04790F0046A9FD05EB240E7B0A9409BA0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorEventLast_memset$CreateSelectSocket_malloc_memmoveclosesocketconnectgethostbynamehtonsinet_addr
                                                  • String ID:
                                                  • API String ID: 4181252536-0
                                                  • Opcode ID: cb1628a1e75527f583886a5e20d71f5f0f747c2e0da62d529b45baea44f4cefc
                                                  • Instruction ID: c5a1150d4342d61158190b070c18db833b265a823815cf990b00882d9ffad3f1
                                                  • Opcode Fuzzy Hash: cb1628a1e75527f583886a5e20d71f5f0f747c2e0da62d529b45baea44f4cefc
                                                  • Instruction Fuzzy Hash: F551A171A40216AFDB209F68DD45BAA77FCEF08760F5445A9FD15EF280DB70D9108B60
                                                  APIs
                                                  • _malloc.LIBCMT ref: 06542A3A
                                                    • Part of subcall function 065458CC: __FF_MSGBANNER.LIBCMT ref: 065458E3
                                                    • Part of subcall function 065458CC: __NMSG_WRITE.LIBCMT ref: 065458EA
                                                    • Part of subcall function 065458CC: HeapAlloc.KERNEL32(00A40000,00000000,00000001,00000000,00000000,00000000,?,06549D21,?,?,?,00000000,?,0654C967,00000018,06559EB0), ref: 0654590F
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 06542A49
                                                  • GetComputerNameW.KERNEL32(00000000,00000010), ref: 06542A59
                                                  • _malloc.LIBCMT ref: 06542A68
                                                  • _malloc.LIBCMT ref: 06542A7C
                                                  • __snprintf_s.LIBCMT ref: 06542A99
                                                  • __snprintf_s.LIBCMT ref: 06542AAE
                                                  • _free.LIBCMT ref: 06542B19
                                                  • _free.LIBCMT ref: 06542B24
                                                  • _free.LIBCMT ref: 06542B2F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free_malloc$__snprintf_s$AllocComputerErrorHeapLastName
                                                  • String ID: \\%s$\\localhost/pipe/%s
                                                  • API String ID: 3156182960-1768746761
                                                  • Opcode ID: c3fd63bce635ab994f4a9ba833d7f581f61569215af5eacf41107fecc2ffc7e4
                                                  • Instruction ID: 4145d926425c4c1dcafde148d51fa0331f25d6bdb56766e43674a2a420c26fe7
                                                  • Opcode Fuzzy Hash: c3fd63bce635ab994f4a9ba833d7f581f61569215af5eacf41107fecc2ffc7e4
                                                  • Instruction Fuzzy Hash: A23195B2D003176BDBD5FFA59C44EBF76B8BF48718F141199F920E6180EA748A448A60
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(kernel32,CreateToolhelp32Snapshot,00000000,02B51F31,00000000), ref: 02B51664
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B5166D
                                                  • GetModuleHandleA.KERNEL32(kernel32,Process32First), ref: 02B51678
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B5167B
                                                  • GetModuleHandleA.KERNEL32(kernel32,Process32Next), ref: 02B51689
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B5168C
                                                  • CloseHandle.KERNEL32(00000000), ref: 02B51702
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Handle$AddressModuleProc$Close
                                                  • String ID: %d/%s$CreateToolhelp32Snapshot$Process32First$Process32Next$kernel32
                                                  • API String ID: 3745615971-2034424418
                                                  • Opcode ID: c673be93e5d04443e5bd6851b60b859a46e27fb533a43f7150c26c0c7d782c04
                                                  • Instruction ID: ec7a032816980d3871ccba1d0e0f21c70c23d8e0dab33eff83b160113336588c
                                                  • Opcode Fuzzy Hash: c673be93e5d04443e5bd6851b60b859a46e27fb533a43f7150c26c0c7d782c04
                                                  • Instruction Fuzzy Hash: 30218075E2032A77DB11AAAD8C45FAB7BACEF08251F1405E5FC19E7141D770DA40CE90
                                                  APIs
                                                    • Part of subcall function 028DA57D: WaitForSingleObject.KERNEL32(?,000000FF,?,028D4C1A,00000001,00000000,?,028D4BFE,00000000,00000000,028D6978,00000000,00000000,028D7DFF), ref: 028DA58B
                                                  • ReadFile.KERNEL32(?,00000000,00000020,?,00000000), ref: 028D8429
                                                  • SetLastError.KERNEL32(00000008), ref: 028D844A
                                                  • _malloc.LIBCMT ref: 028D8463
                                                  • _free.LIBCMT ref: 028D8479
                                                  • SetLastError.KERNEL32(00000000), ref: 028D8488
                                                  • GetLastError.KERNEL32 ref: 028D8496
                                                  • _free.LIBCMT ref: 028D84A3
                                                  • _memmove.LIBCMT ref: 028D84EA
                                                  • htonl.WS2_32(?), ref: 028D84F5
                                                  • _malloc.LIBCMT ref: 028D8502
                                                  • _memcpy_s.LIBCMT ref: 028D852D
                                                  • SetLastError.KERNEL32(00000000), ref: 028D8563
                                                  • _free.LIBCMT ref: 028D856A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast$_free$_malloc$FileObjectReadSingleWait_memcpy_s_memmovehtonl
                                                  • String ID:
                                                  • API String ID: 3183376787-0
                                                  • Opcode ID: d4fede00dad872244576b1409c91c4172c8da056f3df4fd30bfd033765e51d32
                                                  • Instruction ID: 837356d8cde7123676370bca4eb23b29567a906ef8ec1b4cbbc19bd6a0c34228
                                                  • Opcode Fuzzy Hash: d4fede00dad872244576b1409c91c4172c8da056f3df4fd30bfd033765e51d32
                                                  • Instruction Fuzzy Hash: 8D51547ED00209BFDB10EBE9CC45EEE77BDAB08314F048465EA19F6140D774EA598BA1
                                                  APIs
                                                  • _malloc.LIBCMT ref: 02B5BBA2
                                                  • SetLastError.KERNEL32(00000008,00000000,00000000,00000000,?,02B5C049,00000000,?), ref: 02B5BBB3
                                                  • _memset.LIBCMT ref: 02B5BBC3
                                                  • _memmove.LIBCMT ref: 02B5BBCF
                                                  • _strlen.LIBCMT ref: 02B5BC06
                                                  • _free.LIBCMT ref: 02B5BC11
                                                  • _calloc.LIBCMT ref: 02B5BC37
                                                  • SetLastError.KERNEL32(00000008,?,?,?,00000000,00000000,00000000,?,02B5C049,00000000,?), ref: 02B5BC49
                                                  • _strcat.LIBCMT ref: 02B5BC8E
                                                  • _strlen.LIBCMT ref: 02B5BC96
                                                  • _free.LIBCMT ref: 02B5BCA4
                                                    • Part of subcall function 02B79C1A: RtlFreeHeap.NTDLL(00000000,00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?), ref: 02B79C2E
                                                    • Part of subcall function 02B79C1A: GetLastError.KERNEL32(00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?,?), ref: 02B79C40
                                                  • _free.LIBCMT ref: 02B5BCC8
                                                  • SetLastError.KERNEL32(000000A0,00000000,?,02B5C049,00000000,?), ref: 02B5BCD9
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$_free$_strlen$FreeHeap_calloc_malloc_memmove_memset_strcat
                                                  • String ID:
                                                  • API String ID: 2531940127-0
                                                  • Opcode ID: 4872e33cb8411caaa49f73d23e70022b165b02712d8ff3bc93e42c863bffc95c
                                                  • Instruction ID: f7d706726eb9ca937c3553201bc7b9757739c864971d674116a10196dfd5ac3a
                                                  • Opcode Fuzzy Hash: 4872e33cb8411caaa49f73d23e70022b165b02712d8ff3bc93e42c863bffc95c
                                                  • Instruction Fuzzy Hash: 8F41F975D00625AFDF10AFA9C880BAE77B9EF45324F0480EAED14EF240DB7599428F94
                                                  APIs
                                                  • _free.LIBCMT ref: 028D9EE4
                                                    • Part of subcall function 028E0078: RtlFreeHeap.NTDLL(00000000,00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?), ref: 028E008C
                                                    • Part of subcall function 028E0078: GetLastError.KERNEL32(00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?,?), ref: 028E009E
                                                  • _free.LIBCMT ref: 028D9EF5
                                                  • _free.LIBCMT ref: 028D9F06
                                                  • _free.LIBCMT ref: 028D9F17
                                                  • _free.LIBCMT ref: 028D9F28
                                                  • _free.LIBCMT ref: 028D9F39
                                                  • _free.LIBCMT ref: 028D9F4A
                                                  • GlobalFree.KERNEL32(00000000), ref: 028D9F63
                                                  • GlobalFree.KERNEL32(00000000), ref: 028D9F72
                                                  • _free.LIBCMT ref: 028D9F81
                                                  • _free.LIBCMT ref: 028D9F99
                                                  • _free.LIBCMT ref: 028D9FAB
                                                  • _free.LIBCMT ref: 028D9FB5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$Free$Global$ErrorHeapLast
                                                  • String ID:
                                                  • API String ID: 1580220124-0
                                                  • Opcode ID: 19da059839abf58fa83862dc5621381695b41ff0095b923f0a9e9ea4a504374f
                                                  • Instruction ID: a5b35615d3b567c0a88a8d2988850be099bd1054d001c7ffa4bf02f2ec2fa91a
                                                  • Opcode Fuzzy Hash: 19da059839abf58fa83862dc5621381695b41ff0095b923f0a9e9ea4a504374f
                                                  • Instruction Fuzzy Hash: 3D31AB3E444B05DFCB70AF29E980626BBF6BF04318B584A3ED44E95C61CB70A498CF45
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: 65535$udp
                                                  • API String ID: 0-1267037602
                                                  • Opcode ID: f3024040e74d658f6365350b3135e165adfce835bd13f12e863b6a1c85014184
                                                  • Instruction ID: 7f87b2bd43bb37da2baeef5925377f562544c843e4ed09f9c7c80d85da0020fe
                                                  • Opcode Fuzzy Hash: f3024040e74d658f6365350b3135e165adfce835bd13f12e863b6a1c85014184
                                                  • Instruction Fuzzy Hash: 2E51F875A022269BEF258E98C905BAA3764EF44354F0844E5EC159F3C0D738E950CBA1
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CloseHandle_calloc_memmove$___from_strstr_to_strchr__snprintf_s_free_malloc
                                                  • String ID: \\%s\pipe\%s
                                                  • API String ID: 4243514083-540213758
                                                  • Opcode ID: 122ffe721f6f0e2891c9a75d17228ea4fc2a9aae3a240964c7fef61024f4e99f
                                                  • Instruction ID: 073a793fb61581f83523af7389edc262cbf9bfcdbdf9cf187a489f855afba22a
                                                  • Opcode Fuzzy Hash: 122ffe721f6f0e2891c9a75d17228ea4fc2a9aae3a240964c7fef61024f4e99f
                                                  • Instruction Fuzzy Hash: 1941287D940705BBEB216BB88C41FABF3B9AF00714F100529F94EF6181EBB5D5588E92
                                                  APIs
                                                  • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 028DA3DE
                                                  • GetLastError.KERNEL32 ref: 028DA3EB
                                                  • _memset.LIBCMT ref: 028DA403
                                                  • _memset.LIBCMT ref: 028DA415
                                                  • _memset.LIBCMT ref: 028DA421
                                                  • InternetCrackUrlW.WININET(?,00000000,00000000,0000003C), ref: 028DA456
                                                  • _free.LIBCMT ref: 028DA465
                                                    • Part of subcall function 028E0078: RtlFreeHeap.NTDLL(00000000,00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?), ref: 028E008C
                                                    • Part of subcall function 028E0078: GetLastError.KERNEL32(00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?,?), ref: 028E009E
                                                  • InternetConnectW.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 028DA499
                                                  • InternetSetOptionW.WININET(?,0000002B,00000000,00000000), ref: 028DA4CD
                                                  • InternetSetOptionW.WININET(?,0000002C,00000000,00000000), ref: 028DA4E7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Internet$_memset$ErrorLastOption$ConnectCrackFreeHeapOpen_free
                                                  • String ID: <
                                                  • API String ID: 2538166667-4251816714
                                                  • Opcode ID: 107a64e97e3c35253ec029993b2aad74a7f499c6be7a4c478d7bc0be4f681bdb
                                                  • Instruction ID: 9243587e0acce8b49596a021508dffdf36cdc57167a83c2605690cad34f4b6af
                                                  • Opcode Fuzzy Hash: 107a64e97e3c35253ec029993b2aad74a7f499c6be7a4c478d7bc0be4f681bdb
                                                  • Instruction Fuzzy Hash: 1041A479800204EBDB35AF66DC48E9BBBFAFB88700F10892EE54AE2550D771E594CF51
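Editor's note on the WinINet function above (an added example, not part of the Joe Sandbox output or of the sample). The constant arguments in that listing can be read straight from the public WinINet headers: the sixth argument 00000003 to InternetConnectW is INTERNET_SERVICE_HTTP, and the second arguments 0000002B and 0000002C to the two InternetSetOptionW calls are INTERNET_OPTION_PROXY_USERNAME (43) and INTERNET_OPTION_PROXY_PASSWORD (44). So after InternetOpenW and InternetCrackUrlW this function opens an HTTP connection and pushes proxy credentials onto it, which is the shape of a Meterpreter reverse HTTP transport configured with a proxy. The Python below parses the report's "APIs" line format into call records and performs that decoding; the sample input is the listing above, abridged, and the function names parse_api_lines, decode_wininet and summarize_transport are the example's own. One caveat a reader of these listings needs: the argument columns are stack snapshots taken by the Joe Sandbox IDA plugin, and "?" marks a value it could not resolve, so the server name and port handed to InternetConnectW cannot be recovered from the listing, only the service type and option codes.

```python
"""Parse Joe Sandbox 'APIs' listing lines and decode the WinINet constants.

Added example: the line format is the one used in the function analysis
section of this report; the sample text below is abridged from the
WinINet function listed above and embedded so the script runs offline.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: abridged copy of the "APIs" block of the WinINet function.
SAMPLE_LINES = """\
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 028DA3DE
• GetLastError.KERNEL32 ref: 028DA3EB
• _memset.LIBCMT ref: 028DA403
• InternetCrackUrlW.WININET(?,00000000,00000000,0000003C), ref: 028DA456
• _free.LIBCMT ref: 028DA465
  • Part of subcall function 028E0078: RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 028E008C
• InternetConnectW.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 028DA499
• InternetSetOptionW.WININET(?,0000002B,00000000,00000000), ref: 028DA4CD
• InternetSetOptionW.WININET(?,0000002C,00000000,00000000), ref: 028DA4E7
"""

# One listing line: optional "Part of subcall function XXXX:" prefix, then
# Name.MODULE, optional "(args)", then "ref: <call-site address>".
API_LINE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Values from the public WinINet header (wininet.h); only those relevant here.
INTERNET_OPTION = {
    0x1C: "INTERNET_OPTION_USERNAME",
    0x1D: "INTERNET_OPTION_PASSWORD",
    0x1F: "INTERNET_OPTION_SECURITY_FLAGS",
    0x26: "INTERNET_OPTION_PROXY",
    0x29: "INTERNET_OPTION_USER_AGENT",
    0x2B: "INTERNET_OPTION_PROXY_USERNAME",
    0x2C: "INTERNET_OPTION_PROXY_PASSWORD",
}
INTERNET_SERVICE = {1: "INTERNET_SERVICE_FTP", 2: "INTERNET_SERVICE_GOPHER", 3: "INTERNET_SERVICE_HTTP"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[Optional[int]]          # int for a resolved stack value, None for "?"
    ref: str                           # address of the call site
    subcall_of: Optional[str] = None   # parent routine when listed as "Part of subcall"


def _parse_arg(token: str) -> Optional[int]:
    token = token.strip()
    return None if token in ("?", "") else int(token, 16)


def parse_api_lines(text: str) -> List[ApiCall]:
    """Turn the report's 'APIs' lines into ApiCall records; headers are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [] if raw is None else [_parse_arg(t) for t in raw.split(",")]
        calls.append(ApiCall(m.group("name"), m.group("module"), args,
                             m.group("ref").upper(), m.group("parent")))
    return calls


def decode_wininet(call: ApiCall) -> Optional[str]:
    """Name the constant argument of the WinINet calls whose position is fixed by the API."""
    if call.module != "WININET":
        return None
    if call.name == "InternetSetOptionW" and len(call.args) >= 2 and call.args[1] is not None:
        return INTERNET_OPTION.get(call.args[1], f"INTERNET_OPTION_{call.args[1]:#x}")
    if call.name == "InternetConnectW" and len(call.args) >= 6 and call.args[5] is not None:
        # dwService is the sixth parameter of InternetConnectW.
        return INTERNET_SERVICE.get(call.args[5], f"dwService {call.args[5]:#x}")
    return None


def summarize_transport(calls: List[ApiCall]) -> dict:
    """Collapse a function's listing into the transport facts it actually proves."""
    summary = {"service": None, "options": [], "call_order": []}
    for c in calls:
        if c.subcall_of:               # CRT internals of _free etc. are not transport logic
            continue
        summary["call_order"].append(c.name)
        meaning = decode_wininet(c)
        if c.name == "InternetConnectW" and meaning:
            summary["service"] = meaning
        elif c.name == "InternetSetOptionW" and meaning:
            summary["options"].append(meaning)
    return summary


if __name__ == "__main__":
    for call in parse_api_lines(SAMPLE_LINES):
        print(f"{call.ref}  {call.name}.{call.module}  {decode_wininet(call) or ''}")
    print(summarize_transport(parse_api_lines(SAMPLE_LINES)))
```

The same parser works on the other "APIs" blocks in this section unchanged; only decode_wininet is specific to WinINet, and a reader extending it to, say, the GetUdpTable block should first check which parameter positions the plugin's snapshot actually reflects before trusting a decoded value.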
                                                  APIs
                                                  • GetUdpTable.IPHLPAPI(00000000,?,00000001), ref: 02B51B8A
                                                  • _malloc.LIBCMT ref: 02B51B9B
                                                    • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
                                                    • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
                                                    • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
                                                  • GetUdpTable.IPHLPAPI(00000000,?,00000001), ref: 02B51BAD
                                                  • _free.LIBCMT ref: 02B51C62
                                                    • Part of subcall function 02B515EE: _free.LIBCMT ref: 02B51617
                                                  • htons.WS2_32(0000000A), ref: 02B51BFA
                                                  • _strncpy.LIBCMT ref: 02B51C18
                                                  • _strncpy.LIBCMT ref: 02B51C2A
                                                  • _strncpy.LIBCMT ref: 02B51C3C
                                                  • _free.LIBCMT ref: 02B51C78
                                                  • GetLastError.KERNEL32(00000000,?,00000001,00000000,00000008,00000000,02B51CC6,02B51F4B,?,?,?,?,?,02B51F4B,0000000A), ref: 02B51C83
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free_strncpy$Table$AllocateErrorHeapLast_mallochtons
                                                  • String ID: udp
                                                  • API String ID: 1714473080-4243565622
                                                  • Opcode ID: 8cc75e1d3b679807ce434c0ce8a263278408d50ff5bdae580a2d878ebb1b44ae
                                                  • Instruction ID: 0bf1e54959e2b0ece2750bbeabbd1b83e83ddd7e1f684a71306b25e5b57210a5
                                                  • Opcode Fuzzy Hash: 8cc75e1d3b679807ce434c0ce8a263278408d50ff5bdae580a2d878ebb1b44ae
                                                  • Instruction Fuzzy Hash: 0C31B371910619FFDB10DF69C984BAEBBB8FB04354F1044AAE819EB240D771E650DF94
                                                  APIs
                                                    • Part of subcall function 028DA57D: WaitForSingleObject.KERNEL32(?,000000FF,?,028D4C1A,00000001,00000000,?,028D4BFE,00000000,00000000,028D6978,00000000,00000000,028D7DFF), ref: 028DA58B
                                                  • SetLastError.KERNEL32(00000490), ref: 028D9967
                                                  • SetLastError.KERNEL32(00000000), ref: 028D998F
                                                  • GetLastError.KERNEL32 ref: 028D9991
                                                  • SetLastError.KERNEL32(00000490), ref: 028D9B31
                                                  • GetLastError.KERNEL32 ref: 028D9B36
                                                  • _free.LIBCMT ref: 028D9B47
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast$ObjectSingleWait_free
                                                  • String ID:
                                                  • API String ID: 4243334350-0
                                                  • Opcode ID: e1f1b1d5f93d980bd1a7d89efd0a507ab978e3eb82a59851616db5e5c3ed734a
                                                  • Instruction ID: e5f6c7485b71fa700b5fea0b2838ede50f86c66e70daa49518e74c2712d2bec2
                                                  • Opcode Fuzzy Hash: e1f1b1d5f93d980bd1a7d89efd0a507ab978e3eb82a59851616db5e5c3ed734a
                                                  • Instruction Fuzzy Hash: 5A714C7AE00209AFDF14DFA9DC45FAEB7B8EF04315F004469E919E6240EB74EA588B51
                                                  APIs
                                                  • DecodePointer.KERNEL32(?,00000001,065466DB,06559CC0,00000008,06546812,?,00000001,?,06559CE0,0000000C,065467B1,?,00000001,?), ref: 065483CC
                                                  • _free.LIBCMT ref: 065483E5
                                                    • Part of subcall function 06545128: RtlFreeHeap.NTDLL(00000000,00000000,?,065481F2,00000000,06546924,0654698F,0000002C,?,06545100,?,?,00000000,0000002C), ref: 0654513C
                                                    • Part of subcall function 06545128: GetLastError.KERNEL32(00000000,?,065481F2,00000000,06546924,0654698F,0000002C,?,06545100,?,?,00000000,0000002C,?,?,06543B69), ref: 0654514E
                                                  • _free.LIBCMT ref: 065483F8
                                                  • _free.LIBCMT ref: 06548416
                                                  • _free.LIBCMT ref: 06548428
                                                  • _free.LIBCMT ref: 06548439
                                                  • _free.LIBCMT ref: 06548444
                                                  • _free.LIBCMT ref: 06548468
                                                  • EncodePointer.KERNEL32(00ACA888), ref: 0654846F
                                                  • _free.LIBCMT ref: 06548484
                                                  • _free.LIBCMT ref: 0654849A
                                                  • _free.LIBCMT ref: 065484C2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 3064303923-0
                                                  • Opcode ID: f7b46fc8f4644700c4efb4f793d0f00f135e70860a9a471bb1ef25ea2d179955
                                                  • Instruction ID: 24ca2d8698600924e9826c60a171e349ba857c5a788615c126861edc8f0372b0
                                                  • Opcode Fuzzy Hash: f7b46fc8f4644700c4efb4f793d0f00f135e70860a9a471bb1ef25ea2d179955
                                                  • Instruction Fuzzy Hash: 3E218332D013129BC7A57F14FCA852977EAFB4436C35514AEFA886B240E7359849EF81
                                                  APIs
                                                  • DecodePointer.KERNEL32(?,00000001,028E4240,028F5498,00000008,028E4377,?,00000001,?,028F54B8,0000000C,028E4316,?,00000001,?), ref: 028E457A
                                                  • _free.LIBCMT ref: 028E4593
                                                    • Part of subcall function 028E0078: RtlFreeHeap.NTDLL(00000000,00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?), ref: 028E008C
                                                    • Part of subcall function 028E0078: GetLastError.KERNEL32(00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?,?), ref: 028E009E
                                                  • _free.LIBCMT ref: 028E45A6
                                                  • _free.LIBCMT ref: 028E45C4
                                                  • _free.LIBCMT ref: 028E45D6
                                                  • _free.LIBCMT ref: 028E45E7
                                                  • _free.LIBCMT ref: 028E45F2
                                                  • _free.LIBCMT ref: 028E4616
                                                  • EncodePointer.KERNEL32(00AA9948), ref: 028E461D
                                                  • _free.LIBCMT ref: 028E4632
                                                  • _free.LIBCMT ref: 028E4648
                                                  • _free.LIBCMT ref: 028E4670
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 3064303923-0
                                                  • Opcode ID: 3a681197e9663ecf51ac7a287566c1ced0cdac7099e0c779d5f960cfd970cbd1
                                                  • Instruction ID: 5f92ebd37abdc5d1b6ee1958060b3ba572d39d812e7c8eb00d1bc113460a01c7
                                                  • Opcode Fuzzy Hash: 3a681197e9663ecf51ac7a287566c1ced0cdac7099e0c779d5f960cfd970cbd1
                                                  • Instruction Fuzzy Hash: D921A2BDCC05158BDEA4EF68F440E197765BB1A320319092ADA0EF72E1CB389824CF91
                                                  APIs
                                                  • RtlDecodePointer.NTDLL ref: 02B7EE77
                                                  • _free.LIBCMT ref: 02B7EE90
                                                    • Part of subcall function 02B79C1A: RtlFreeHeap.NTDLL(00000000,00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?), ref: 02B79C2E
                                                    • Part of subcall function 02B79C1A: GetLastError.KERNEL32(00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?,?), ref: 02B79C40
                                                  • _free.LIBCMT ref: 02B7EEA3
                                                  • _free.LIBCMT ref: 02B7EEC1
                                                  • _free.LIBCMT ref: 02B7EED3
                                                  • _free.LIBCMT ref: 02B7EEE4
                                                  • _free.LIBCMT ref: 02B7EEEF
                                                  • _free.LIBCMT ref: 02B7EF13
                                                  • RtlEncodePointer.NTDLL(00AC3D38), ref: 02B7EF1A
                                                  • _free.LIBCMT ref: 02B7EF2F
                                                  • _free.LIBCMT ref: 02B7EF45
                                                  • _free.LIBCMT ref: 02B7EF6D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 3064303923-0
                                                  • Opcode ID: 75af7dad0c5035ad2895f7786f28c60b222d1c792a490f201270df28556b52b6
                                                  • Instruction ID: 11149ab2ef66de4375db892402d1502a3c512e6766f12540880903a8c74961ec
                                                  • Opcode Fuzzy Hash: 75af7dad0c5035ad2895f7786f28c60b222d1c792a490f201270df28556b52b6
                                                  • Instruction Fuzzy Hash: 8F218376D85611DFEB206F28F94151577B5FF057A4B0908EAED6897240CB34D8A1CF88
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _strlen$_malloc$__snprintf
                                                  • String ID: %s %s
                                                  • API String ID: 3041897451-2939940506
                                                  • Opcode ID: 4c5a895050f0fe5d94f0ffee74e28333e9d51e29fb85c249515352ce7ee2ad0a
                                                  • Instruction ID: 7d6d38a877f4f8641734f9c4c7628dc3234fb5aa37b46e36ec48d9ea7288bc2e
                                                  • Opcode Fuzzy Hash: 4c5a895050f0fe5d94f0ffee74e28333e9d51e29fb85c249515352ce7ee2ad0a
                                                  • Instruction Fuzzy Hash: 7161F271900715EFEB219F68CC84B6A7BADFF45384F1840A4FD559B202D775A912CBE0
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free$DefaultSystem_callocswprintf
                                                  • String ID: #filename = %s$%s\$size,path
                                                  • API String ID: 3199927154-2760761816
                                                  • Opcode ID: b8c77cdf1c73d58f35398702bebc70e43d12b56efbcc1f3b5ec83a8ee572190c
                                                  • Instruction ID: 21cf9bf888b9c447a35d4bf5b4fcb9210f6b3b85a2d4987839cfa3c1d65dcd82
                                                  • Opcode Fuzzy Hash: b8c77cdf1c73d58f35398702bebc70e43d12b56efbcc1f3b5ec83a8ee572190c
                                                  • Instruction Fuzzy Hash: 86516271900229AFDF10DFA8C844BEE7BB9EF49715B18409AF904EB210D771D941DBE0
                                                  APIs
                                                  • _wcsstr.LIBCMT ref: 028D884E
                                                  • _wcschr.LIBCMT ref: 028D885C
                                                  • _wcschr.LIBCMT ref: 028D886A
                                                  • _calloc.LIBCMT ref: 028D8899
                                                  • __snprintf_s.LIBCMT ref: 028D88B3
                                                  • SetHandleInformation.KERNEL32(000000FF,00000001,00000000), ref: 028D8927
                                                  • SetNamedPipeHandleState.KERNEL32(?,00000000,00000000,00000000), ref: 028D88D7
                                                    • Part of subcall function 028D5466: GetSystemTime.KERNEL32(?,?,?,?,?,?,028D7D9A), ref: 028D5470
                                                    • Part of subcall function 028D5466: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,028D7D9A), ref: 028D547E
                                                    • Part of subcall function 028D5466: __aulldiv.LIBCMT ref: 028D549E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Time$HandleSystem_wcschr$FileInformationNamedPipeState__aulldiv__snprintf_s_calloc_wcsstr
                                                  • String ID: \\%s\pipe\%s$\\.\$pipe
                                                  • API String ID: 101525352-8644039
                                                  • Opcode ID: 06788d92a039e454c774808c2457d5773f965370496e7e395cc541ff46c0db8f
                                                  • Instruction ID: 6bdbdf884a01ffcf8fb42855290493fd4834e97accd8491fd62d76883b056ed3
                                                  • Opcode Fuzzy Hash: 06788d92a039e454c774808c2457d5773f965370496e7e395cc541ff46c0db8f
                                                  • Instruction Fuzzy Hash: 0041E3BD940204BBEF10AF68CC45FAA7769EF14721F004165FA19E7281E7709A55CB92
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,02B585CF), ref: 02B58847
                                                  • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 02B5885F
                                                  • GetProcAddress.KERNEL32(GetProcAddress), ref: 02B58879
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: HandleModule$AddressProc
                                                  • String ID: CloseHandle$GetProcAddress$NtReadVirtualMemory$OpenProcess$VirtualQueryEx$kernel32.dll$ntdll.dll
                                                  • API String ID: 1883125708-309972381
                                                  • Opcode ID: c192ce88a2fe638eee5970b5a487a7d287fd9d6aaa02e0c9192d10129594dde7
                                                  • Instruction ID: a10ba275734eb36abf4c233b8d719973ad2a67f9be17903fadeb716591143010
                                                  • Opcode Fuzzy Hash: c192ce88a2fe638eee5970b5a487a7d287fd9d6aaa02e0c9192d10129594dde7
                                                  • Instruction Fuzzy Hash: 99110378EF0253AAEB914B2DA917A453BA5EB143C2F104875FC0ED7550FB75C460AF00
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorEventLastResetSleepaccept
                                                  • String ID:
                                                  • API String ID: 3917514729-0
                                                  • Opcode ID: 44f95b60a6b3264773b76f368c5afbd1537c1f5e52dbf64ef402c4dc299897f1
                                                  • Instruction ID: 8bb70bf64ff80abc41d062ab219833972d8e3a139fefb60b50f1071a07c7f05b
                                                  • Opcode Fuzzy Hash: 44f95b60a6b3264773b76f368c5afbd1537c1f5e52dbf64ef402c4dc299897f1
                                                  • Instruction Fuzzy Hash: 0151AF35D40229FFDB119FA8D905AAEBBBAFF08360F004595F909AB250C7719E60DF90
                                                  APIs
                                                  • GetIpNetTable.IPHLPAPI(00000000,?,00000000), ref: 02B513DF
                                                  • _malloc.LIBCMT ref: 02B513F0
                                                    • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
                                                    • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
                                                    • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
                                                  • GetIpNetTable.IPHLPAPI(00000000,?,00000000), ref: 02B51406
                                                  • _memset.LIBCMT ref: 02B5146F
                                                  • _memset.LIBCMT ref: 02B5150E
                                                  • GetIfEntry.IPHLPAPI(?), ref: 02B5151D
                                                  • _strlen.LIBCMT ref: 02B5152F
                                                  • swprintf.LIBCMT ref: 02B5154F
                                                  • _strlen.LIBCMT ref: 02B51558
                                                  • _free.LIBCMT ref: 02B51596
                                                  • GetLastError.KERNEL32(?,00000000), ref: 02B515AE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Table_memset_strlen$AllocateEntryErrorHeapLast_free_mallocswprintf
                                                  • String ID:
                                                  • API String ID: 2049838111-0
                                                  • Opcode ID: d9c5f04e568d7e3b2e0d463c29cdf710815b0670200fa0bb3211a77aa43cf803
                                                  • Instruction ID: e0bd78487cb132a72660d3005fc2799604ca1534fe055ec9d47253eff99a75d3
                                                  • Opcode Fuzzy Hash: d9c5f04e568d7e3b2e0d463c29cdf710815b0670200fa0bb3211a77aa43cf803
                                                  • Instruction Fuzzy Hash: 2F51D5B1D00228ABDB21DF99D984BDEFBF9EF98310F1041EAD519A6210E7748B848F50
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32(00000000,?,00000000), ref: 028DFEE2
                                                  • GetProcessHeap.KERNEL32(?,00000000), ref: 028DFEEB
                                                    • Part of subcall function 028DFDD4: GetProcessHeap.KERNEL32(00000001,00000000,028DFC9A,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFDD8
                                                    • Part of subcall function 028DFDD4: HeapAlloc.KERNEL32(00000000,00000008,00000004,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFDFA
                                                    • Part of subcall function 028DFDD4: GetModuleHandleA.KERNEL32(ntdll.dll,00000000,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFE13
                                                    • Part of subcall function 028DFDD4: LoadLibraryA.KERNEL32(ntdll.dll,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFE24
                                                    • Part of subcall function 028DFDD4: HeapFree.KERNEL32(00000000,00000000,00000000,?,028D2A41,00000001,?,?,028D1E76), ref: 028DFEB8
                                                  • HeapAlloc.KERNEL32(00000000,00000008,00000800,?,00000000), ref: 028DFF0E
                                                  • HeapReAlloc.KERNEL32(00000000,00000000,00000000,00000000,?,00000000), ref: 028DFF4C
                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 028DFF68
                                                  • HeapAlloc.KERNEL32(00000000,00000008,00000800,?,00000000), ref: 028DFF7C
                                                  • DuplicateHandle.KERNEL32(000000FF,00000008,?,000000FF,00000000,00000000,00000000,?,00000000), ref: 028DFFA9
                                                  • lstrcmpW.KERNEL32(00000002,?,?,00000000), ref: 028DFFD9
                                                  • CloseHandle.KERNEL32(000000FF,?,00000000), ref: 028DFFE6
                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 028E000B
                                                  • HeapFree.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 028E0011
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Heap$AllocFree$HandleProcess$CloseCurrentDuplicateLibraryLoadModulelstrcmp
                                                  • String ID:
                                                  • API String ID: 3590941266-0
                                                  • Opcode ID: 06a78fb7f8fd1bd6861905f57667de5ee9dc5c9f32463b8bec9a274ac42379cf
                                                  • Instruction ID: 747703c33dcecaf44e06af541329347dbcef70672fcd46f862c76c3f45b9c756
                                                  • Opcode Fuzzy Hash: 06a78fb7f8fd1bd6861905f57667de5ee9dc5c9f32463b8bec9a274ac42379cf
                                                  • Instruction Fuzzy Hash: AB417639D00209FBCB208BA4CC49F9EBBB8FF15715F204554F61AE65C0DB719A549B90
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID:
                                                  • API String ID: 269201875-0
                                                  • Opcode ID: 768bdf84ddac0e0693e72c9bbb8cdc89df11fd0ea6cca7e4f46c6c077693345a
                                                  • Instruction ID: 08d13bfd4d94f9fabc6f8ec133fc1e5ae18e321b1c3b6085934a412f3711b9bb
                                                  • Opcode Fuzzy Hash: 768bdf84ddac0e0693e72c9bbb8cdc89df11fd0ea6cca7e4f46c6c077693345a
                                                  • Instruction Fuzzy Hash: E231703D409B05DFE7216F69D5A0612B7F5BF04318B68A52ED58E86CA0CF31A490CE54
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free$_memset$FreeLocal
                                                  • String ID: FormatMessage failed to retrieve the error.$The operation completed successfully.$stdcall
                                                  • API String ID: 4239025173-2326785561
                                                  • Opcode ID: 7839f7130d1c5bf7076228d3436b207316b24c047b406d59cf765b11188dbb76
                                                  • Instruction ID: 9deb2b6c42b293a26cfaef68149e96e5d306acc9693d969c6891c0fa756c8ea2
                                                  • Opcode Fuzzy Hash: 7839f7130d1c5bf7076228d3436b207316b24c047b406d59cf765b11188dbb76
                                                  • Instruction Fuzzy Hash: 0E51A072D40219AFDB019FE8DD45EAEBBBAFF09351F040069FA04AF150DBB1D9508B95
                                                  APIs
                                                  • _malloc.LIBCMT ref: 028DA0D0
                                                    • Part of subcall function 028E00B0: __FF_MSGBANNER.LIBCMT ref: 028E00C7
                                                    • Part of subcall function 028E00B0: __NMSG_WRITE.LIBCMT ref: 028E00CE
                                                    • Part of subcall function 028E00B0: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,028E9533,?,?,?,00000000,?,028E98AE,00000018,028F5608), ref: 028E00F3
                                                  • _malloc.LIBCMT ref: 028DA0D9
                                                  • _memset.LIBCMT ref: 028DA0F5
                                                  • _memset.LIBCMT ref: 028DA100
                                                  • _free.LIBCMT ref: 028DA1B2
                                                  • _memcmp.LIBCMT ref: 028DA1DC
                                                  • _malloc.LIBCMT ref: 028DA1EA
                                                  • _memmove.LIBCMT ref: 028DA1FC
                                                    • Part of subcall function 028D5466: GetSystemTime.KERNEL32(?,?,?,?,?,?,028D7D9A), ref: 028D5470
                                                    • Part of subcall function 028D5466: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,028D7D9A), ref: 028D547E
                                                    • Part of subcall function 028D5466: __aulldiv.LIBCMT ref: 028D549E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Time_malloc$System_memset$AllocateFileHeap__aulldiv_free_memcmp_memmove
                                                  • String ID: https
                                                  • API String ID: 802662995-1056335270
                                                  • Opcode ID: 6197645f11496232ec9b621c37be94e987dc4d4d7d2ea41527ebb52f1932945e
                                                  • Instruction ID: 10187cbcea932f5fd57b292ccfd32a82b0a9572871e4cacb37f3e09d3b204b51
                                                  • Opcode Fuzzy Hash: 6197645f11496232ec9b621c37be94e987dc4d4d7d2ea41527ebb52f1932945e
                                                  • Instruction Fuzzy Hash: 0B519EBD600700AFDB54EF78C840A57B7E9FB05314F10496DEA4ADB280EBB4E9498F91
                                                  APIs
                                                  • GetTcpTable.IPHLPAPI(00000000,00000001,00000001), ref: 02B5172D
                                                  • _malloc.LIBCMT ref: 02B5173E
                                                    • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
                                                    • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
                                                    • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
                                                  • GetTcpTable.IPHLPAPI(00000000,00000001,00000001), ref: 02B5174D
                                                  • _free.LIBCMT ref: 02B51854
                                                    • Part of subcall function 02B515EE: _free.LIBCMT ref: 02B51617
                                                  • htons.WS2_32(?), ref: 02B517A0
                                                  • htons.WS2_32(?), ref: 02B517D0
                                                  • _free.LIBCMT ref: 02B5185D
                                                  • GetLastError.KERNEL32(00000000,00000001,00000001,00000000,00000000,?,02B518AB,00000001,?,00000000,02B51F31,0000000A,00000418,00000001,00000000), ref: 02B51868
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free$Tablehtons$AllocateErrorHeapLast_malloc
                                                  • String ID: tcp
                                                  • API String ID: 4024905696-2993443014
                                                  • Opcode ID: fb77151945cabbbb59ff8090e4209113dd33808d17cb7dca9c60172a3e19357b
                                                  • Instruction ID: 2935592b4fdf6405b0372a66346016ed273f85ffdc0b3ee97c7f47cfc0479c1f
                                                  • Opcode Fuzzy Hash: fb77151945cabbbb59ff8090e4209113dd33808d17cb7dca9c60172a3e19357b
                                                  • Instruction Fuzzy Hash: 67417CB5E10224AFDB20DFACC985B6DB7B9EB09748F1044A9E918DF241E774D941CF60
                                                  APIs
                                                  • ResetEvent.KERNEL32(?), ref: 02B573A7
                                                  • recvfrom.WS2_32(?,?,0000FFFF,00000000,?,?), ref: 02B573CC
                                                  • WSAGetLastError.WS2_32 ref: 02B573DA
                                                  • Sleep.KERNEL32(000000FA), ref: 02B573FF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorEventLastResetSleeprecvfrom
                                                  • String ID: 0.0.0.0
                                                  • API String ID: 2877576581-3771769585
                                                  • Opcode ID: 641c36c0134c8512d62798d28ca37ba34f49360f734d06eb8bc2efca26654151
                                                  • Instruction ID: 043d6e31118d610a9c60fa7f1464b84006f296b9169f178a067743efb995f051
                                                  • Opcode Fuzzy Hash: 641c36c0134c8512d62798d28ca37ba34f49360f734d06eb8bc2efca26654151
                                                  • Instruction Fuzzy Hash: 41315D71D10229EFDB019FA4DD48AEEBBB9FF09350F1485A6F918EA240D7709950DFA0
                                                  APIs
                                                    • Part of subcall function 028D7B7F: GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,028D7C2B,SeSecurityPrivilege,00000001,?,?,00000000,?), ref: 028D7B8B
                                                    • Part of subcall function 028D7B7F: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,028D7C2B,SeSecurityPrivilege,00000001,?,?,00000000,?), ref: 028D7B92
                                                    • Part of subcall function 028D7B7F: GetLastError.KERNEL32(?,?,?,?,?,028D7C2B,SeSecurityPrivilege,00000001,?,?,00000000,?,?,?,?,?), ref: 028D7B9C
                                                  • CreateNamedPipeW.KERNEL32(?,00000003,00000000,000000FF,00010000,00010000,00000000,?), ref: 028D875A
                                                  • GetLastError.KERNEL32 ref: 028D875E
                                                  • CreateNamedPipeW.KERNEL32(?,00000003,00000000,000000FF,00010000,00010000,00000000,00000000), ref: 028D8797
                                                  • GetLastError.KERNEL32 ref: 028D879B
                                                    • Part of subcall function 028D7A78: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,759222C0), ref: 028D7AA6
                                                    • Part of subcall function 028D7A78: SetEntriesInAclW.ADVAPI32(00000001,?,00000000,?,?), ref: 028D7AEA
                                                    • Part of subcall function 028D7A78: AllocateAndInitializeSid.ADVAPI32(?,00000001,00001000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,028D7C4D), ref: 028D7B12
                                                    • Part of subcall function 028D7A78: LocalAlloc.KERNEL32(00000040,00000100), ref: 028D7B22
                                                    • Part of subcall function 028D7A78: InitializeAcl.ADVAPI32(00000000,00000100,00000004), ref: 028D7B2A
                                                    • Part of subcall function 028D7A78: LocalAlloc.KERNEL32(00000040,00000014,00000000,00000004,00000004,00000000,028D7C4D), ref: 028D7B44
                                                    • Part of subcall function 028D7A78: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 028D7B4B
                                                    • Part of subcall function 028D7A78: SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 028D7B58
                                                    • Part of subcall function 028D7A78: SetSecurityDescriptorSacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 028D7B63
                                                  • ConnectNamedPipe.KERNEL32(00000000,00000000), ref: 028D87B1
                                                  • GetLastError.KERNEL32 ref: 028D87BB
                                                  • CloseHandle.KERNEL32(00000000), ref: 028D87DC
                                                    • Part of subcall function 028D7B7F: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,?), ref: 028D7BAD
                                                    • Part of subcall function 028D7B7F: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,?,00000000), ref: 028D7BEA
                                                    • Part of subcall function 028D7B7F: CloseHandle.KERNEL32(?), ref: 028D7C04
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorInitializeLast$DescriptorNamedPipeSecurity$AllocAllocateCloseCreateHandleLocalProcessToken$AdjustConnectCurrentDaclEntriesLookupOpenPrivilegePrivilegesSaclValue
                                                  • String ID: SeSecurityPrivilege$SeSecurityPrivilege
                                                  • API String ID: 139426882-1340523147
                                                  • Opcode ID: 9844e1a3d15c2d85ea70e3b5aff0101687bb4d9855b3d273fbe2940c45b31865
                                                  • Instruction ID: c51b6835d2446f262928a47a3f1b77169b417f8ee1bdd10237841adb18958506
                                                  • Opcode Fuzzy Hash: 9844e1a3d15c2d85ea70e3b5aff0101687bb4d9855b3d273fbe2940c45b31865
                                                  • Instruction Fuzzy Hash: 0B21D67DA40229BAD720A7698C45FFE7B6DEF007B4F100131FA1CE61C0DB749A498AE5
                                                  APIs
                                                  • WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,00000000), ref: 028D9B90
                                                  • GetLastError.KERNEL32 ref: 028D9B9D
                                                  • _memset.LIBCMT ref: 028D9BB5
                                                  • _memset.LIBCMT ref: 028D9BC7
                                                  • _memset.LIBCMT ref: 028D9BD3
                                                  • WinHttpCrackUrl.WINHTTP(?,00000000,00000000,0000003C), ref: 028D9C08
                                                  • _free.LIBCMT ref: 028D9C17
                                                    • Part of subcall function 028E0078: RtlFreeHeap.NTDLL(00000000,00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?), ref: 028E008C
                                                    • Part of subcall function 028E0078: GetLastError.KERNEL32(00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?,?), ref: 028E009E
                                                  • WinHttpConnect.WINHTTP(?,?,?,00000000), ref: 028D9C46
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Http_memset$ErrorLast$ConnectCrackFreeHeapOpen_free
                                                  • String ID: <
                                                  • API String ID: 2670675293-4251816714
                                                  • Opcode ID: 61df649a095235e4ccca33ad4321710b1077d332ba184588d9c8ac8779745d26
                                                  • Instruction ID: ab336668f165f55bde2ec1bdbfab258030689cc61f349dbe32a35b27d8e1d92e
                                                  • Opcode Fuzzy Hash: 61df649a095235e4ccca33ad4321710b1077d332ba184588d9c8ac8779745d26
                                                  • Instruction Fuzzy Hash: D7314F79800228ABCB11AFA6DC48EDABFBCFF49350F004566E609E2540D7309694CFE1
                                                  APIs
                                                  • LoadLibraryA.KERNEL32 ref: 02B52076
                                                  • GetProcAddress.KERNEL32(00000000,WinHttpGetIEProxyConfigForCurrentUser), ref: 02B5208C
                                                  • GetLastError.KERNEL32 ref: 02B520A4
                                                  • GlobalFree.KERNEL32(00000000), ref: 02B520E5
                                                  • GlobalFree.KERNEL32(00000000), ref: 02B52104
                                                  • GlobalFree.KERNEL32(00000000), ref: 02B52123
                                                  • FreeLibrary.KERNEL32(00000000), ref: 02B52128
                                                  Strings
                                                  • Winhttp.dll, xrefs: 02B5206F
                                                  • WinHttpGetIEProxyConfigForCurrentUser, xrefs: 02B52086
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Free$Global$Library$AddressErrorLastLoadProc
                                                  • String ID: WinHttpGetIEProxyConfigForCurrentUser$Winhttp.dll
                                                  • API String ID: 1134048670-1089090160
                                                  • Opcode ID: 12ff7482883d574d6e78db5d61f8495d66180541889e9a52099e1f4009b4dee4
                                                  • Instruction ID: 0f5e157f03f8d8eaf418b0b02bcfc8b3dbbe09891614065bf3b7099b2b14e02c
                                                  • Opcode Fuzzy Hash: 12ff7482883d574d6e78db5d61f8495d66180541889e9a52099e1f4009b4dee4
                                                  • Instruction Fuzzy Hash: 57219135E50215BFCB125B99DC49E6E7B7AFF08281F0404A4FD05A7211C77189A4DF90
                                                  APIs
                                                  • _memset.LIBCMT ref: 028D8DBA
                                                  • WSAStartup.WS2_32(00000202,?), ref: 028D8DCE
                                                  • WSAGetLastError.WS2_32 ref: 028D8DD8
                                                  • socket.WS2_32(00000017,00000001,00000006), ref: 028D8DF9
                                                  • setsockopt.WS2_32(00000000,00000029,0000001B,?,00000004), ref: 028D8E13
                                                  • closesocket.WS2_32(00000000), ref: 028D8E1F
                                                  • socket.WS2_32(00000002,00000001,00000006), ref: 028D8E32
                                                  • htons.WS2_32(00000000), ref: 028D8E52
                                                  • htons.WS2_32(?), ref: 028D8E64
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: htonssocket$ErrorLastStartup_memsetclosesocketsetsockopt
                                                  • String ID:
                                                  • API String ID: 1629790708-0
                                                  • Opcode ID: 326fefac90f475a3d19d3e414070b45406e829ca6144bce037a869b21700400e
                                                  • Instruction ID: 43f7a6cdc0674cf4bff57d23b1513f2723e373be62ee554f990c79e3ad09aed1
                                                  • Opcode Fuzzy Hash: 326fefac90f475a3d19d3e414070b45406e829ca6144bce037a869b21700400e
                                                  • Instruction Fuzzy Hash: 46316F7AE40218BAEB20DBE49C09FEE77B9EF08720F104552FA08EB1D0D7B15D548B94
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID:
                                                  • API String ID: 269201875-0
                                                  • Opcode ID: 87fa4b5e508ddbe1b7447af4b7623bfd20585794b64932546f33d704b044ca17
                                                  • Instruction ID: 5e91e502c90d0b2aa23be929a4d5cddcba48fd222c28535c5b3cdaf21d94de1b
                                                  • Opcode Fuzzy Hash: 87fa4b5e508ddbe1b7447af4b7623bfd20585794b64932546f33d704b044ca17
                                                  • Instruction Fuzzy Hash: E421F23D8019318BF7227F68DCD0B957769BF1A720335406EE948E3670CB35A8428F91
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: tcp$udp
                                                  • API String ID: 0-3725065008
                                                  • Opcode ID: 01086d43da52ab4e9133324ae5b979a4b7aebe5dfa0fc626ceb9bf318e371f53
                                                  • Instruction ID: b83dfe880693330106e8cc25c974c5de4c4dac8a02bceb68f983c3a642f567b1
                                                  • Opcode Fuzzy Hash: 01086d43da52ab4e9133324ae5b979a4b7aebe5dfa0fc626ceb9bf318e371f53
                                                  • Instruction Fuzzy Hash: DC717C70E02226EBDF259F94D9947AABBB4EF08344F1480EAED45AF251D774CE40DB90
                                                  APIs
                                                  • VirtualAlloc.KERNEL32(?,?,00003000,00000040,?,?,?,00000000,?,028D460B,00000100,?,000000FF,00000000), ref: 028D4B0C
                                                  • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040,?,?,?,00000000,?,028D460B,00000100,?,000000FF,00000000), ref: 028D4B23
                                                  • GetModuleHandleA.KERNEL32(ntdll,NtLockVirtualMemory,?,?,?,00000000,?,028D460B,00000100,?,000000FF,00000000), ref: 028D4B3E
                                                  • GetProcAddress.KERNEL32(00000000), ref: 028D4B45
                                                  • WriteProcessMemory.KERNEL32(000000FF,?,?,?,00000000,?,?,?,00000000,?,028D460B,00000100,?,000000FF,00000000), ref: 028D4B7F
                                                  • WriteProcessMemory.KERNEL32(000000FF,?,?,?,00000000,?,?,?,00000000,?,028D460B,00000100,?,000000FF,00000000), ref: 028D4BB4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocMemoryProcessVirtualWrite$AddressHandleModuleProc
                                                  • String ID: NtLockVirtualMemory$ntdll
                                                  • API String ID: 1502369038-2974287352
                                                  • Opcode ID: 24db26b5bc7cae5b8ffc1464a2f07868f4edaf4cdba768dadf8ca9855887812d
                                                  • Instruction ID: cf72de4b43d70c66b1e5536800fc9358d7cf0dfb0c0551abf6093cc67d05cbac
                                                  • Opcode Fuzzy Hash: 24db26b5bc7cae5b8ffc1464a2f07868f4edaf4cdba768dadf8ca9855887812d
                                                  • Instruction Fuzzy Hash: 89315C7A640601FBDB588FA4CC85FA5B7A4FF18750F004609F66AD6680D7B0B9948F94
                                                  APIs
                                                  • _wprintf.LIBCMT ref: 02B61D1A
                                                  • _wprintf.LIBCMT ref: 02B61D3B
                                                    • Part of subcall function 02B7C639: __stbuf.LIBCMT ref: 02B7C689
                                                    • Part of subcall function 02B7C639: __output_l.LIBCMT ref: 02B7C6A2
                                                    • Part of subcall function 02B7C639: __ftbuf.LIBCMT ref: 02B7C6B6
                                                  • _wprintf.LIBCMT ref: 02B61D48
                                                  • _wprintf.LIBCMT ref: 02B61D68
                                                  • _wprintf.LIBCMT ref: 02B61D7D
                                                  • _wprintf.LIBCMT ref: 02B61D88
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _wprintf$__ftbuf__output_l__stbuf
                                                  • String ID: '%c'$type: %s
                                                  • API String ID: 2991887721-1691650639
                                                  • Opcode ID: 1638b4c3f70c5f1b075b6396a8b314381e9f9e8420fc02b701d4d7968b27e08d
                                                  • Instruction ID: 4b474886869b6ea5341ccd7bf02d8cd79da459827a91451e90f6e4e1fdef922c
                                                  • Opcode Fuzzy Hash: 1638b4c3f70c5f1b075b6396a8b314381e9f9e8420fc02b701d4d7968b27e08d
                                                  • Instruction Fuzzy Hash: A921D276E11219BA9F149F98A5C84FEBFB5EF05258F5000EDDC543B210C335694ACFA4
                                                  APIs
                                                  • CreateRemoteThread.KERNEL32(00000000,00000000,?,?,?,?,00000000), ref: 028D6CFF
                                                  • GetLastError.KERNEL32 ref: 028D6D08
                                                  • GetModuleHandleA.KERNEL32(ntdll,RtlCreateUserThread), ref: 028D6D31
                                                  • GetProcAddress.KERNEL32(00000000), ref: 028D6D38
                                                  • SetLastError.KERNEL32(00000000), ref: 028D6D72
                                                  • SetLastError.KERNEL32(00000008), ref: 028D6D89
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast$AddressCreateHandleModuleProcRemoteThread
                                                  • String ID: RtlCreateUserThread$ntdll
                                                  • API String ID: 1699155657-687317052
                                                  • Opcode ID: d300b64ce0e3f1224df1a09bfc39b972439ceecfd1117d99c87d06987750ad34
                                                  • Instruction ID: a836c230e1c41cf935fa8f8ec98128d7cd7f21d18c06c6cb10f236301281d9c4
                                                  • Opcode Fuzzy Hash: d300b64ce0e3f1224df1a09bfc39b972439ceecfd1117d99c87d06987750ad34
                                                  • Instruction Fuzzy Hash: 93213E7D940219EFDB509F56EC48EAA3BBDEB44294F004415FE19E2140E735AD65CFA0
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(kernel32.dll,00000006,00000006,00000000,00000000,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?), ref: 02B59CB3
                                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02B59CC5
                                                  • OpenProcess.KERNEL32(00000400,00000000,?,?,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?,02B57723), ref: 02B59CDE
                                                  • OpenProcess.KERNEL32(00001000,00000000,?,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?,02B57723), ref: 02B59CF3
                                                  • CloseHandle.KERNEL32(00000000,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?,02B57723,?,02B57723,?), ref: 02B59D20
                                                  • FreeLibrary.KERNEL32(00000000,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?,02B57723,?,02B57723,?), ref: 02B59D28
                                                    • Part of subcall function 02B59D36: LoadLibraryA.KERNEL32(kernel32.dll,00000006,?), ref: 02B59D54
                                                    • Part of subcall function 02B59D36: GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 02B59D66
                                                    • Part of subcall function 02B59D36: FreeLibrary.KERNEL32(00000000), ref: 02B59D94
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Library$AddressFreeLoadOpenProcProcess$CloseHandle
                                                  • String ID: IsWow64Process$kernel32.dll
                                                  • API String ID: 2823223814-3024904723
                                                  • Opcode ID: 26a508fa6a926b302499b5a5e39cf7b493635b1336b6d03c15ea628314fc327f
                                                  • Instruction ID: 39decb1e951b1d9b7999e36f82e5200cbd2df8dd10c130240e80740732748a99
                                                  • Opcode Fuzzy Hash: 26a508fa6a926b302499b5a5e39cf7b493635b1336b6d03c15ea628314fc327f
                                                  • Instruction Fuzzy Hash: 9D112732D5073AFBEB214B69DD49BAA7BACEB45792F0004A1FD08DB140DB71D9409AE0
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,?,?,065439B5,?,?,?,00000000,00000000,06543CDD,00000000,?,?,06543CDD,?,00000000), ref: 06543521
                                                  • GetProcAddress.KERNEL32(00000000,NtWow64ReadVirtualMemory64), ref: 0654352F
                                                  • SetLastError.KERNEL32(00000078,?,065439B5,?,?,?,00000000,00000000,06543CDD,00000000,?,?,06543CDD,?,00000000,?), ref: 0654353B
                                                  • GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 06543568
                                                  • SetLastError.KERNEL32(0000001E,?,065439B5,?,?,?,00000000,00000000,06543CDD,00000000,?,?,06543CDD,?,00000000,?), ref: 0654357A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressErrorLastProc$HandleModule
                                                  • String ID: NtWow64ReadVirtualMemory64$RtlNtStatusToDosError$ntdll.dll
                                                  • API String ID: 3725234143-3639149031
                                                  • Opcode ID: bafbfc0bcde96fc7aac1699257d5f69c414de80a0ac02650bb8ff6764a5c255c
                                                  • Instruction ID: 7a328631b84781e831528a61aa06306abde0f36723276db5ed0bdbc8fcc36821
                                                  • Opcode Fuzzy Hash: bafbfc0bcde96fc7aac1699257d5f69c414de80a0ac02650bb8ff6764a5c255c
                                                  • Instruction Fuzzy Hash: 4FF08C32644205BFDB912FB29C1DAAE3F69FF48BA5F000464FE06D4020EA60D525EAA1
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _rand$__snprintf_s$ErrorLast
                                                  • String ID: Global\%04x%04x
                                                  • API String ID: 1380742243-448994476
                                                  • Opcode ID: 52d2be50aaff8f20ba68fc78ed7f4d87aec2447a29c384a8986bd6c83849c4ad
                                                  • Instruction ID: f3597a861f4a36b94cb490ca93e6848706d41ba648f0e60d6b0f73b153fce129
                                                  • Opcode Fuzzy Hash: 52d2be50aaff8f20ba68fc78ed7f4d87aec2447a29c384a8986bd6c83849c4ad
                                                  • Instruction Fuzzy Hash: C2F0D172904700BFCAA0FE699C44E4B37DCAB88625B100A69F56DE7190FA20A40047A4
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _rand$__snprintf_s$ErrorLast
                                                  • String ID: Global\%04x%04x
                                                  • API String ID: 1380742243-448994476
                                                  • Opcode ID: 3c0a2c4c2e2ef0055ef1c3aed9665815c850e4fd3cb5c4f7e153a53d5b27c92a
                                                  • Instruction ID: 5febbd3e6fa606f9ccb2c849f83a3401a2bb5e295fbc2269ab7a9a81b18cd1e2
                                                  • Opcode Fuzzy Hash: 3c0a2c4c2e2ef0055ef1c3aed9665815c850e4fd3cb5c4f7e153a53d5b27c92a
                                                  • Instruction Fuzzy Hash: 94F0C273918704BFDAA0FE69DC84F5B339CBFC4776F100E64F5A9A61D0EA60A50446A4
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$_memmove$_calloc_memcmp$_malloc
                                                  • String ID:
                                                  • API String ID: 2902935266-0
                                                  • Opcode ID: 83373f004a4a649c9e6bdc66322f3ebace4b9ecda5cd3fd20b24fbd89ebc3581
                                                  • Instruction ID: 372f5d9762d627e055365c9166a64fd197391ef3788871978fffab72742af241
                                                  • Opcode Fuzzy Hash: 83373f004a4a649c9e6bdc66322f3ebace4b9ecda5cd3fd20b24fbd89ebc3581
                                                  • Instruction Fuzzy Hash: 0B819F7A800214BBEB109F68DC94BEA37A9EF05710F18407AFD48DF155EFB5A590CBA1
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID:
                                                  • API String ID: 269201875-0
                                                  • Opcode ID: 3427730d37a9b8fa76f9135157a23e442fd2a17a14b8fdb16d973c5dec3d7db3
                                                  • Instruction ID: 2d22233433af077e3b254bec9402a1273a92e7f720cd92fb0bea94a4bf398dbc
                                                  • Opcode Fuzzy Hash: 3427730d37a9b8fa76f9135157a23e442fd2a17a14b8fdb16d973c5dec3d7db3
                                                  • Instruction Fuzzy Hash: F171E07D600615BBEB259F34CC90FEAB7ADFF08710F04422AF519D6190EF70A9918BA1
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLast$Startup_memsetfreeaddrinfogetaddrinfosocket
                                                  • String ID:
                                                  • API String ID: 3817943115-0
                                                  • Opcode ID: f6a6df4c257695fb607c223bccc9b3928301c45010d36673b13c30f5b0002e15
                                                  • Instruction ID: 41fe6849818c525a3f999894bf37798d26469dbf4a5f6d5ce9489fb67948eb1c
                                                  • Opcode Fuzzy Hash: f6a6df4c257695fb607c223bccc9b3928301c45010d36673b13c30f5b0002e15
                                                  • Instruction Fuzzy Hash: 5131597D901208EFDB10EFA4D848A9EBB79EF04320F004959E919E7280D734AA65CFA1
                                                  APIs
                                                  • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,00000000), ref: 065446D5
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,065420D6,00000000), ref: 065446E1
                                                  • SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,065420D6,00000000), ref: 06544748
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$ManagerOpen
                                                  • String ID:
                                                  • API String ID: 239337868-0
                                                  • Opcode ID: 220bb0d7f9713352c3d84a5a3b30ed62123690ff97d8f0029a635f5e6156eb9e
                                                  • Instruction ID: 67965940cdbe873bd7645a07f20e32a441d768d4871b49d8e016a0d6e9afcbab
                                                  • Opcode Fuzzy Hash: 220bb0d7f9713352c3d84a5a3b30ed62123690ff97d8f0029a635f5e6156eb9e
                                                  • Instruction Fuzzy Hash: 7F11B231940214BBDB516BA4DC0CBAD7BE9FB096A9F004061FE05E6150FA709506AAE1
                                                  APIs
                                                  • _mbstowcs_s.LIBCMT ref: 028D9318
                                                    • Part of subcall function 028E1157: __wcstombs_s_l.LIBCMT ref: 028E116B
                                                    • Part of subcall function 028D5466: GetSystemTime.KERNEL32(?,?,?,?,?,?,028D7D9A), ref: 028D5470
                                                    • Part of subcall function 028D5466: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,028D7D9A), ref: 028D547E
                                                    • Part of subcall function 028D5466: __aulldiv.LIBCMT ref: 028D549E
                                                  • _strncmp.LIBCMT ref: 028D9333
                                                  • _strrchr.LIBCMT ref: 028D935A
                                                  • _strrchr.LIBCMT ref: 028D9372
                                                    • Part of subcall function 028E40F6: __wcstoi64.LIBCMT ref: 028E4100
                                                    • Part of subcall function 028D8C26: _memset.LIBCMT ref: 028D8C4D
                                                    • Part of subcall function 028D8C26: WSAStartup.WS2_32(00000202,?), ref: 028D8C61
                                                    • Part of subcall function 028D8C26: WSAGetLastError.WS2_32 ref: 028D8C6B
                                                  • SetHandleInformation.KERNEL32(?,00000001,00000000), ref: 028D93DF
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Time$System_strrchr$ErrorFileHandleInformationLastStartup__aulldiv__wcstoi64__wcstombs_s_l_mbstowcs_s_memset_strncmp
                                                  • String ID: 6$tcp
                                                  • API String ID: 1158548289-2319321990
                                                  • Opcode ID: ce7214fccb79251f70892fdec0deb1470609b644e19fa84ec8715e19c2c13c60
                                                  • Instruction ID: e9314fb30352dfc4e1e0f92f479a5a0bf34d4bd6a13d0a9b97c61cf899d17b08
                                                  • Opcode Fuzzy Hash: ce7214fccb79251f70892fdec0deb1470609b644e19fa84ec8715e19c2c13c60
                                                  • Instruction Fuzzy Hash: 3F315E7E8003047FEF26BB28DC49FAA77ADAF45304F444059F64AD7180EBB6A9048B52
                                                  APIs
                                                    • Part of subcall function 028D7B7F: GetCurrentProcess.KERNEL32(00000028,?,?,?,?,?,?,028D7C2B,SeSecurityPrivilege,00000001,?,?,00000000,?), ref: 028D7B8B
                                                    • Part of subcall function 028D7B7F: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,028D7C2B,SeSecurityPrivilege,00000001,?,?,00000000,?), ref: 028D7B92
                                                    • Part of subcall function 028D7B7F: GetLastError.KERNEL32(?,?,?,?,?,028D7C2B,SeSecurityPrivilege,00000001,?,?,00000000,?,?,?,?,?), ref: 028D7B9C
                                                  • CreateNamedPipeA.KERNEL32(?,40000003,00000000,000000FF,00010000,00010000,00000000,?), ref: 028D7C69
                                                  • CreateNamedPipeA.KERNEL32(?,40000003,00000000,000000FF,00010000,00010000,00000000,00000000), ref: 028D7CAC
                                                  • GetLastError.KERNEL32 ref: 028D7CB9
                                                    • Part of subcall function 028D7A78: AllocateAndInitializeSid.ADVAPI32(?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,759222C0), ref: 028D7AA6
                                                    • Part of subcall function 028D7A78: SetEntriesInAclW.ADVAPI32(00000001,?,00000000,?,?), ref: 028D7AEA
                                                    • Part of subcall function 028D7A78: AllocateAndInitializeSid.ADVAPI32(?,00000001,00001000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,028D7C4D), ref: 028D7B12
                                                    • Part of subcall function 028D7A78: LocalAlloc.KERNEL32(00000040,00000100), ref: 028D7B22
                                                    • Part of subcall function 028D7A78: InitializeAcl.ADVAPI32(00000000,00000100,00000004), ref: 028D7B2A
                                                    • Part of subcall function 028D7A78: LocalAlloc.KERNEL32(00000040,00000014,00000000,00000004,00000004,00000000,028D7C4D), ref: 028D7B44
                                                    • Part of subcall function 028D7A78: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 028D7B4B
                                                    • Part of subcall function 028D7A78: SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,?,00000000), ref: 028D7B58
                                                    • Part of subcall function 028D7A78: SetSecurityDescriptorSacl.ADVAPI32(00000000,00000001,00000000,00000000), ref: 028D7B63
                                                  • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000), ref: 028D7CCF
                                                  • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 028D7CDD
                                                    • Part of subcall function 028D7B7F: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,?), ref: 028D7BAD
                                                    • Part of subcall function 028D7B7F: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,?,00000000), ref: 028D7BEA
                                                    • Part of subcall function 028D7B7F: CloseHandle.KERNEL32(?), ref: 028D7C04
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateInitialize$DescriptorSecurity$AllocAllocateErrorEventLastLocalNamedPipeProcessToken$AdjustCloseCurrentDaclEntriesHandleLookupOpenPrivilegePrivilegesSaclValue
                                                  • String ID: SeSecurityPrivilege$SeSecurityPrivilege
                                                  • API String ID: 2580897795-1340523147
                                                  • Opcode ID: 270ea1df9d5e790328b34fbf9feaa67ff82a37f08299ed35a0d33f7889f641da
                                                  • Instruction ID: e6afb58aac0391a923fe51fcd08ad40527706ea8794248e3af744bc3344be16f
                                                  • Opcode Fuzzy Hash: 270ea1df9d5e790328b34fbf9feaa67ff82a37f08299ed35a0d33f7889f641da
                                                  • Instruction Fuzzy Hash: E521A278A40626BAF7219B669C45FEBFBACEF097A0F400521F61CD2180D7709654C6E1
                                                  APIs
                                                  • GetFileAttributesExW.KERNEL32(?,00000000,?,?,?,02B5420B,00000000,02B5368A,?,02B5368A,?,?), ref: 02B545E1
                                                  • GetLastError.KERNEL32(?,?,02B5420B,00000000,02B5368A,?,02B5368A,?,?), ref: 02B545EB
                                                  • _wcsrchr.LIBCMT ref: 02B5462D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AttributesErrorFileLast_wcsrchr
                                                  • String ID: .bat$.cmd$.com$.exe
                                                  • API String ID: 1998060080-4019086052
                                                  • Opcode ID: f1f464b1908a5487c29cd0462731832d6fb2ecf1271f1ebd82fb5ae3a7593b1c
                                                  • Instruction ID: f95877b1bcab84cf4bf497ee7ed0827703e2ae787b099edb40362656cdcb100d
                                                  • Opcode Fuzzy Hash: f1f464b1908a5487c29cd0462731832d6fb2ecf1271f1ebd82fb5ae3a7593b1c
                                                  • Instruction Fuzzy Hash: D711087310462B6AAB186D69EC41F9A37EDDF013B472000F6FE24ED1C0EF52DA8149A4
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B5E7DA
                                                  • RegisterClassExA.USER32(?), ref: 02B5E800
                                                  • CreateWindowExA.USER32(00000000,klwClass,00000000,00000000,00000000,00000000,00000000,00000000,000000FD,00000000,00000000), ref: 02B5E81D
                                                  • TranslateMessage.USER32(?), ref: 02B5E83C
                                                  • DispatchMessageA.USER32(?), ref: 02B5E846
                                                  • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 02B5E853
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Message$ClassCreateDispatchRegisterTranslateWindow_memset
                                                  • String ID: klwClass
                                                  • API String ID: 3653855423-1480243690
                                                  • Opcode ID: b8df0c12b5319aae4ab4b34e18d0e0bfc48bdb9a543963bc0ad89fab1e3d791c
                                                  • Instruction ID: 3d2d123919593d98f100c87b6c3a9917a72755d0e14444d0fd5abbc71453d080
                                                  • Opcode Fuzzy Hash: b8df0c12b5319aae4ab4b34e18d0e0bfc48bdb9a543963bc0ad89fab1e3d791c
                                                  • Instruction Fuzzy Hash: B8116D71C0022ABACB20DBA99D09F9F7BBCEB85794F0044AAED1897140D734D615CBA0
                                                  APIs
                                                  • LoadLibraryA.KERNEL32 ref: 02B5DC3E
                                                  • GetLastError.KERNEL32 ref: 02B5DC4A
                                                  • GetProcAddress.KERNEL32(00000000,GetLastInputInfo), ref: 02B5DC5A
                                                  • GetTickCount.KERNEL32 ref: 02B5DC7B
                                                  • FreeLibrary.KERNEL32(00000000), ref: 02B5DCAA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Library$AddressCountErrorFreeLastLoadProcTick
                                                  • String ID: GetLastInputInfo
                                                  • API String ID: 1606095281-4154382141
                                                  • Opcode ID: ebab5d1cf948cefece3ab481261557f4c74564b3fda49e02ddab03a24b68cee4
                                                  • Instruction ID: d98ce6fc1d964af188a39329b8958de56d920caa8e066de971720523d8e3c9eb
                                                  • Opcode Fuzzy Hash: ebab5d1cf948cefece3ab481261557f4c74564b3fda49e02ddab03a24b68cee4
                                                  • Instruction Fuzzy Hash: 0D11C135E50216AFDB00AF78DD49A6E7BB9FF45281B0445A4FC09E7200DB719920DBA1
                                                  APIs
                                                  • _strlen.LIBCMT ref: 02B57CC4
                                                  • _malloc.LIBCMT ref: 02B57CD0
                                                    • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
                                                    • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
                                                    • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
                                                  • GetModuleHandleA.KERNEL32(kernel32,GetProcAddress,00000000,00000000,00000000,02B578DA,00000000,?,00000000,?), ref: 02B57CEC
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B57CF3
                                                  • _free.LIBCMT ref: 02B57D24
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressAllocateHandleHeapModuleProc_free_malloc_strlen
                                                  • String ID: GetProcAddress$kernel32
                                                  • API String ID: 4045102549-2374084194
                                                  • Opcode ID: 34e7e677d36839e9d359ff1c64345dc10ad6c7bcb743047e10bb5bf643436cb3
                                                  • Instruction ID: 2779ef74b41b46b8d97c68d6eff0d9475f3e46dfaa80c97987c2111ecd884fce
                                                  • Opcode Fuzzy Hash: 34e7e677d36839e9d359ff1c64345dc10ad6c7bcb743047e10bb5bf643436cb3
                                                  • Instruction Fuzzy Hash: 6C01F576A4061EBBDF11EF68DD45D9B7BAEFF45390B0004A1FD1DAB100DAB1A8109BB0
                                                  APIs
                                                  • _strlen.LIBCMT ref: 02B57C3F
                                                  • _malloc.LIBCMT ref: 02B57C4B
                                                    • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
                                                    • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
                                                    • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
                                                  • GetModuleHandleA.KERNEL32(kernel32,LoadLibraryA,00000000,00000000,00000000,02B577E7,00000000,00000000,?), ref: 02B57C67
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B57C6E
                                                  • _free.LIBCMT ref: 02B57C99
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressAllocateHandleHeapModuleProc_free_malloc_strlen
                                                  • String ID: LoadLibraryA$kernel32
                                                  • API String ID: 4045102549-970291620
                                                  • Opcode ID: a571bf19ab0e733e7a52c73e68740dbb8dd944bf0b9cb15325fd95fe493bc64d
                                                  • Instruction ID: 96db6c874766af5e22613a5bbc8240042efdc4b3c447d358122586f6430d2281
                                                  • Opcode Fuzzy Hash: a571bf19ab0e733e7a52c73e68740dbb8dd944bf0b9cb15325fd95fe493bc64d
                                                  • Instruction Fuzzy Hash: 51014C3694062ABBDF11AFA5DC45D9F7B6EFF41391B0008A2FD28AB000DA7194119BE0
                                                  APIs
                                                  • HttpOpenRequestW.WININET(?,GET,?,00000000,00000000,00000000,84600200,00000000), ref: 028DA2D8
                                                  • SetLastError.KERNEL32(00000490), ref: 028DA2E9
                                                  • InternetSetOptionW.WININET(00000000,0000001F,?,00000004), ref: 028DA305
                                                  • SetLastError.KERNEL32(00000490), ref: 028DA314
                                                  • InternetCloseHandle.WININET(00000000), ref: 028DA31B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorInternetLast$CloseHandleHttpOpenOptionRequest
                                                  • String ID: GET$POST
                                                  • API String ID: 4051435859-3192705859
                                                  • Opcode ID: b9003f737cbcc7cca6e5eda991e5b6317d3a87bdd7cde377daa5047464c15fa7
                                                  • Instruction ID: c05f4cd20afb6eb13f917d82540aa1794731e4c5605183d590871575b9047ad5
                                                  • Opcode Fuzzy Hash: b9003f737cbcc7cca6e5eda991e5b6317d3a87bdd7cde377daa5047464c15fa7
                                                  • Instruction Fuzzy Hash: C501757C680209FFE7544E969C89E6677ACEB44799F504039FB19D6180D770CD588BA0
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(kernel32.dll,0000001C,00000000,?,028D7E6B), ref: 028D8002
                                                  • GetProcAddress.KERNEL32(00000000,ProcessIdToSessionId), ref: 028D8014
                                                  • GetCurrentProcessId.KERNEL32(028D7E6B,0000001C,00000000,?,028D7E6B), ref: 028D802E
                                                  • ProcessIdToSessionId.KERNEL32(00000000,?,028D7E6B), ref: 028D8035
                                                  • FreeLibrary.KERNEL32(00000000,?,028D7E6B), ref: 028D804E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LibraryProcess$AddressCurrentFreeLoadProcSession
                                                  • String ID: ProcessIdToSessionId$kernel32.dll
                                                  • API String ID: 4183634105-3889420803
                                                  • Opcode ID: 24a4d15630fdc65eb33bad27f90e8e1f88a34c3f5bc406f247d86cec5806437e
                                                  • Instruction ID: 37352cd779d48cfc02152c5381aef49b885d484540a045c23f643a9abde82e6c
                                                  • Opcode Fuzzy Hash: 24a4d15630fdc65eb33bad27f90e8e1f88a34c3f5bc406f247d86cec5806437e
                                                  • Instruction Fuzzy Hash: B5F0D13DD81718EBA750CBA49808E9DB368FF086213000A55FE0AE3280DB308E119B90
                                                  APIs
                                                    • Part of subcall function 028A48E8: __time64.LIBCMT ref: 028A48F6
                                                    • Part of subcall function 028A48E8: _rand.LIBCMT ref: 028A490F
                                                    • Part of subcall function 028A48E8: _rand.LIBCMT ref: 028A4923
                                                    • Part of subcall function 028A48E8: _rand.LIBCMT ref: 028A4930
                                                    • Part of subcall function 028A48E8: _rand.LIBCMT ref: 028A493D
                                                  • _memcpy_s.LIBCMT ref: 028A51B1
                                                  • _memcpy_s.LIBCMT ref: 028A528C
                                                  • _memcpy_s.LIBCMT ref: 028A52D6
                                                  • _memcpy_s.LIBCMT ref: 028A52E6
                                                  • _malloc.LIBCMT ref: 028A5264
                                                    • Part of subcall function 028AF4B0: __FF_MSGBANNER.LIBCMT ref: 028AF4C7
                                                    • Part of subcall function 028AF4B0: __NMSG_WRITE.LIBCMT ref: 028AF4CE
                                                  • _malloc.LIBCMT ref: 028A530B
                                                  • _memcpy_s.LIBCMT ref: 028A5329
                                                  • _memcpy_s.LIBCMT ref: 028A533B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _memcpy_s$_rand$_malloc$__time64
                                                  • String ID:
                                                  • API String ID: 2880942210-0
                                                  • Opcode ID: 93894e6e7e11e4714845bec4fd46e011e4e12e8056316dc727a54593f8b91e7f
                                                  • Instruction ID: 0041220618557ae706dd09d2d41f6b3198e306e184e948bd028abbec5ea42cda
                                                  • Opcode Fuzzy Hash: 93894e6e7e11e4714845bec4fd46e011e4e12e8056316dc727a54593f8b91e7f
                                                  • Instruction Fuzzy Hash: C6618DB9900208AFEB119FA8CC85FAA3BB9FF08314F154055F908EB251D7B5E990DF61
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _malloc$_memset$__aulldiv_free_memcmp_memmove
                                                  • String ID:
                                                  • API String ID: 3316937673-0
                                                  • Opcode ID: d55bc4243df32160daa187a1fe2bd92003dbdf75d4645a2c8cfaaf06d08e7e7f
                                                  • Instruction ID: bc12e4132ef49b1ab6282f6b177596081ed861b5054640c1982eda251da8a661
                                                  • Opcode Fuzzy Hash: d55bc4243df32160daa187a1fe2bd92003dbdf75d4645a2c8cfaaf06d08e7e7f
                                                  • Instruction Fuzzy Hash: 1451ADB9504700AFE724EF38C851A96B7E9FF04310F50856EEA4ADB681EB75E540CF91
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _calloc_memmove$___from_strstr_to_strchr__snprintf_s_free_malloc
                                                  • String ID:
                                                  • API String ID: 3263195834-0
                                                  • Opcode ID: 90dcd99b244df76bd6a67ecdd2bab2e454481e1f132cfec8ecf2e27daaff581b
                                                  • Instruction ID: 4f4c8fe30d0f8d3fc94f5db2a26386c2a747c1541f0d11f1dbd460f673d20f38
                                                  • Opcode Fuzzy Hash: 90dcd99b244df76bd6a67ecdd2bab2e454481e1f132cfec8ecf2e27daaff581b
                                                  • Instruction Fuzzy Hash: 1C41377D900715BBFB21AB7C9C61FABB3ADAF00710F180529EA0CE6185FF71D5108A95
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B59AB2
                                                    • Part of subcall function 02B574D1: LoadLibraryA.KERNEL32(kernel32.dll), ref: 02B574E9
                                                    • Part of subcall function 02B574D1: GetProcAddress.KERNEL32(00000000,ProcessIdToSessionId), ref: 02B574FB
                                                    • Part of subcall function 02B574D1: FreeLibrary.KERNEL32(00000000), ref: 02B5752D
                                                  • htonl.WS2_32(?), ref: 02B59ADD
                                                  • _strlen.LIBCMT ref: 02B59B19
                                                  • _strlen.LIBCMT ref: 02B59B4F
                                                  • _strlen.LIBCMT ref: 02B59B83
                                                  • htonl.WS2_32(?), ref: 02B59BA1
                                                  • htonl.WS2_32(?), ref: 02B59BBC
                                                  • htonl.WS2_32(?), ref: 02B59BD4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: htonl$_strlen$Library$AddressFreeLoadProc_memset
                                                  • String ID:
                                                  • API String ID: 2172502808-0
                                                  • Opcode ID: b202f99eecc12c8c1127b566cb0843d74d4ddff256891bca457ef3c2578f1723
                                                  • Instruction ID: 241eb7decaf3bd094353165f693a7cd871014e94b7772885de88a2fffd7db333
                                                  • Opcode Fuzzy Hash: b202f99eecc12c8c1127b566cb0843d74d4ddff256891bca457ef3c2578f1723
                                                  • Instruction Fuzzy Hash: 9E4106B1C01219EFCB01DFA8D888ADEBBF9FF08344F14406AE959A7201D7B59A55CF94
                                                  APIs
                                                  • _malloc.LIBCMT ref: 028D44A2
                                                    • Part of subcall function 028E00B0: __FF_MSGBANNER.LIBCMT ref: 028E00C7
                                                    • Part of subcall function 028E00B0: __NMSG_WRITE.LIBCMT ref: 028E00CE
                                                    • Part of subcall function 028E00B0: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,028E9533,?,?,?,00000000,?,028E98AE,00000018,028F5608), ref: 028E00F3
                                                  • _free.LIBCMT ref: 028D4576
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeap_free_malloc
                                                  • String ID:
                                                  APIs
                                                    • Part of subcall function 02B5B13E: VirtualAllocEx.KERNEL32(00000000,00000000,00000001,00001000,00000040,00000000,00000000,00000009,?,02B5B074,00000000,00000001,00000001,?,00000020,00000001), ref: 02B5B15F
                                                    • Part of subcall function 02B5B13E: WriteProcessMemory.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000009,?,02B5B074,00000000,00000001,00000001,?,00000020,00000001), ref: 02B5B178
                                                    • Part of subcall function 02B5B13E: VirtualProtectEx.KERNEL32(00000000,00000000,00000001,00000040,?,?,02B5B074,00000000,00000001,00000001,?,00000020,00000001,00000000), ref: 02B5B196
                                                    • Part of subcall function 02B5B13E: GetLastError.KERNEL32(?,02B5B074,00000000,00000001,00000001,?,00000020,00000001,00000000,?,?,02B57C96,00000001,?), ref: 02B5B1A0
                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000D,00000000,00000009), ref: 02B5B0C1
                                                  • WaitForSingleObjectEx.KERNEL32(00000000,000003E8,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 02B5B0D8
                                                  • GetExitCodeThread.KERNEL32(00000000,00000000), ref: 02B5B0F6
                                                  • VirtualFreeEx.KERNEL32(00000000,?,00000000,00008000), ref: 02B5B107
                                                  • VirtualFreeEx.KERNEL32(00000000,00000009,00000000,00008000), ref: 02B5B11C
                                                  • GetLastError.KERNEL32 ref: 02B5B126
                                                  • CloseHandle.KERNEL32(00000000), ref: 02B5B12F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Virtual$ErrorLast$Free$AllocCloseCodeExitHandleMemoryObjectProcessProtectSingleThreadWaitWrite
                                                  • String ID:
                                                  APIs
                                                  • OpenProcess.KERNEL32(00000400,00000000,00000000), ref: 02B5CD9A
                                                  • GetLastError.KERNEL32 ref: 02B5CDA6
                                                  • CloseHandle.KERNEL32(00000000), ref: 02B5CE1E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: CloseErrorHandleLastOpenProcess
                                                  • String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLastStartup_memsetgethostbynamehtonsinet_addrinet_ntoasocket
                                                  • String ID:
                                                  APIs
                                                  • OpenSCManagerA.ADVAPI32(00000000,00000000,00000001,00000000,00000000,00007530,00000000,00000000,00000000,?,?,06544728,?,00000001,00007530), ref: 06544864
                                                  • GetLastError.KERNEL32(?,?,06544728,?,00000001,00007530), ref: 06544870
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastManagerOpen
                                                  • String ID:
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID: *.*$iehistory$mapi
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$_malloc$_memcpy_s_memmove
                                                  • String ID:
                                                  APIs
                                                  • _malloc.LIBCMT ref: 028A75D6
                                                    • Part of subcall function 028AF4B0: __FF_MSGBANNER.LIBCMT ref: 028AF4C7
                                                    • Part of subcall function 028AF4B0: __NMSG_WRITE.LIBCMT ref: 028AF4CE
                                                  • _memset.LIBCMT ref: 028A75E4
                                                  • _memmove.LIBCMT ref: 028A7603
                                                  • _memmove.LIBCMT ref: 028A7615
                                                  • _memset.LIBCMT ref: 028A7663
                                                  • _memset.LIBCMT ref: 028A76DB
                                                  • _memset.LIBCMT ref: 028A76E5
                                                    • Part of subcall function 028A93C0: _wcsncpy.LIBCMT ref: 028A93F2
                                                    • Part of subcall function 028A93C0: _wcsncpy.LIBCMT ref: 028A940F
                                                    • Part of subcall function 028A93C0: _memmove.LIBCMT ref: 028A9429
                                                    • Part of subcall function 028A93C0: _wcsncpy.LIBCMT ref: 028A9446
                                                    • Part of subcall function 028A93C0: _wcsncpy.LIBCMT ref: 028A9460
                                                    • Part of subcall function 028A93C0: _wcsncpy.LIBCMT ref: 028A947A
                                                    • Part of subcall function 028A93C0: _wcscpy.LIBCMT ref: 028A9492
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _wcsncpy$_memset$_memmove$_malloc_wcscpy
                                                  • String ID:
                                                  APIs
                                                  • _malloc.LIBCMT ref: 028D81D6
                                                    • Part of subcall function 028E00B0: __FF_MSGBANNER.LIBCMT ref: 028E00C7
                                                    • Part of subcall function 028E00B0: __NMSG_WRITE.LIBCMT ref: 028E00CE
                                                    • Part of subcall function 028E00B0: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,028E9533,?,?,?,00000000,?,028E98AE,00000018,028F5608), ref: 028E00F3
                                                  • _memset.LIBCMT ref: 028D81E4
                                                  • _memmove.LIBCMT ref: 028D8203
                                                  • _memmove.LIBCMT ref: 028D8215
                                                  • _memset.LIBCMT ref: 028D8263
                                                  • _memset.LIBCMT ref: 028D82DB
                                                  • _memset.LIBCMT ref: 028D82E5
                                                    • Part of subcall function 028D9FC0: _wcsncpy.LIBCMT ref: 028D9FF2
                                                    • Part of subcall function 028D9FC0: _wcsncpy.LIBCMT ref: 028DA00F
                                                    • Part of subcall function 028D9FC0: _memmove.LIBCMT ref: 028DA029
                                                    • Part of subcall function 028D9FC0: _wcsncpy.LIBCMT ref: 028DA046
                                                    • Part of subcall function 028D9FC0: _wcsncpy.LIBCMT ref: 028DA060
                                                    • Part of subcall function 028D9FC0: _wcsncpy.LIBCMT ref: 028DA07A
                                                    • Part of subcall function 028D9FC0: _wcscpy.LIBCMT ref: 028DA092
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _wcsncpy$_memset$_memmove$AllocateHeap_malloc_wcscpy
                                                  • String ID:
                                                  APIs
                                                  • _malloc.LIBCMT ref: 028D6813
                                                    • Part of subcall function 028E00B0: __FF_MSGBANNER.LIBCMT ref: 028E00C7
                                                    • Part of subcall function 028E00B0: __NMSG_WRITE.LIBCMT ref: 028E00CE
                                                    • Part of subcall function 028E00B0: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,028E9533,?,?,?,00000000,?,028E98AE,00000018,028F5608), ref: 028E00F3
                                                  • _memset.LIBCMT ref: 028D6829
                                                  • GetProcAddress.KERNEL32(?,00000002), ref: 028D6870
                                                  • GetProcAddress.KERNEL32(00000000,00000003), ref: 028D6879
                                                  • GetProcAddress.KERNEL32(00000000,00000005), ref: 028D6882
                                                  • GetProcAddress.KERNEL32(00000000,00000004), ref: 028D688B
                                                  • _free.LIBCMT ref: 028D68E7
                                                    • Part of subcall function 028E0078: RtlFreeHeap.NTDLL(00000000,00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?), ref: 028E008C
                                                    • Part of subcall function 028E0078: GetLastError.KERNEL32(00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?,?), ref: 028E009E
                                                    • Part of subcall function 028D3A39: htonl.WS2_32(?), ref: 028D3A3F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AddressProc$Heap$AllocateErrorFreeLast_free_malloc_memsethtonl
                                                  • String ID:
                                                  APIs
                                                  • _malloc.LIBCMT ref: 02B559EF
                                                    • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
                                                    • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
                                                    • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
                                                  • GetIpAddrTable.IPHLPAPI(00000000,00000018,00000001,00000000), ref: 02B55A0A
                                                  • GetIpAddrTable.IPHLPAPI(00000000,00000018,00000001,00000000,00000018,00000001,00000000), ref: 02B55A2C
                                                  • _free.LIBCMT ref: 02B55A36
                                                  • GetLastError.KERNEL32(00000000,00000018,00000001,00000000), ref: 02B55A3C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddrTable$AllocateErrorHeapLast_free_malloc
APIs
• _calloc.LIBCMT ref: 02B51F19
  • Part of subcall function 02B79BDA: __calloc_impl.LIBCMT ref: 02B79BED
  • Part of subcall function 02B51879: GetModuleHandleA.KERNEL32(iphlpapi,GetExtendedTcpTable,?,00000000,02B51F31,0000000A,00000418,00000001,00000000), ref: 02B5188D
  • Part of subcall function 02B51879: GetProcAddress.KERNEL32(00000000), ref: 02B51894
• htonl.WS2_32(?), ref: 02B51F9E
• htonl.WS2_32(?), ref: 02B51FBA
• _strlen.LIBCMT ref: 02B51FDE
• _strlen.LIBCMT ref: 02B51FF5
• _strlen.LIBCMT ref: 02B5200C
• _free.LIBCMT ref: 02B52048
Memory Dump Source
• Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
Similarity
• API ID: _strlen$htonl$AddressHandleModuleProc__calloc_impl_calloc_free
Memory Dump Source
• Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
Similarity
• API ID: _memmove$_free
• String ID: ($6
Memory Dump Source
• Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
Similarity
• API ID: _memset$ErrorEventLastResetSleeprecvselect
APIs
• CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 02B5A891
• GetLastError.KERNEL32(00000004,00000000), ref: 02B5A89C
• CloseHandle.KERNEL32(00000000), ref: 02B5A90E
Memory Dump Source
• Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
Similarity
• API ID: CloseCreateErrorHandleLastSnapshotToolhelp32
APIs
• _malloc.LIBCMT ref: 02B56D51
  • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
  • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
  • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
• _memset.LIBCMT ref: 02B56D65
• WSACreateEvent.WS2_32 ref: 02B56D77
• WSAGetLastError.WS2_32 ref: 02B56D84
• WSAEventSelect.WS2_32(?,00000000,00000021), ref: 02B56D92
• _memset.LIBCMT ref: 02B56DA4
• _free.LIBCMT ref: 02B56DF3
Memory Dump Source
• Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
Similarity
• API ID: Event_memset$AllocateCreateErrorHeapLastSelect_free_malloc
APIs
• GetSystemDirectoryW.KERNEL32(?,00000104), ref: 028D6A3D
• _wcschr.LIBCMT ref: 028D6A55
• GetVolumeInformationW.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 028D6A73
• GetComputerNameW.KERNEL32(?,?), ref: 028D6A84
• __snprintf_s.LIBCMT ref: 028D6AAE
  • Part of subcall function 028E3543: __vsnwprintf_s_l.LIBCMT ref: 028E3558
Memory Dump Source
• Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
• Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
• Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
Similarity
• API ID: ComputerDirectoryInformationNameSystemVolume__snprintf_s__vsnwprintf_s_l_wcschr
• String ID: %04x-%04x:%s
APIs
  • Part of subcall function 028D6CD7: CreateRemoteThread.KERNEL32(00000000,00000000,?,?,?,?,00000000), ref: 028D6CFF
  • Part of subcall function 028D6CD7: GetLastError.KERNEL32 ref: 028D6D08
  • Part of subcall function 028D6CD7: GetModuleHandleA.KERNEL32(ntdll,RtlCreateUserThread), ref: 028D6D31
  • Part of subcall function 028D6CD7: GetProcAddress.KERNEL32(00000000), ref: 028D6D38
  • Part of subcall function 028D6CD7: SetLastError.KERNEL32(00000000), ref: 028D6D72
• GetLastError.KERNEL32(?,?,?,?,?), ref: 028D2976
• Sleep.KERNEL32(000007D0,?,?,?,?,?,?,?,?,00000000,?,00000000,?), ref: 028D29B2
• ResumeThread.KERNEL32(00000000,?,?,00000000,?,00000000,?), ref: 028D29B9
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,00000000,?), ref: 028D29C4
• CloseHandle.KERNEL32(00000000), ref: 028D29D1
• SetLastError.KERNEL32(00000000), ref: 028D29D8
• GetLastError.KERNEL32(?), ref: 028D29E6
  • Part of subcall function 028D2B76: _memset.LIBCMT ref: 028D2B8F
  • Part of subcall function 028D2B76: GetVersionExW.KERNEL32(00000114,?,?,00000000), ref: 028D2BA8
  • Part of subcall function 028D2B76: GetLastError.KERNEL32(?,?,00000000), ref: 028D2BB2
Memory Dump Source
• Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
Similarity
• API ID: ErrorLast$HandleThread$AddressCloseCreateModuleProcRemoteResumeSleepVersion_memset
Memory Dump Source
• Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
• Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
Similarity
• API ID: _wcsncpy$_memmove_wcscpy
Memory Dump Source
• Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
Similarity
• API ID: _wcsncpy$_memmove_wcscpy
Memory Dump Source
• Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
Similarity
• API ID: _free$_memset
APIs
• __init_pointers.LIBCMT ref: 065482B4
  • Part of subcall function 06548594: EncodePointer.KERNEL32(00000000,00000001,065482B9,0654664C,06559CC0,00000008,06546812,?,00000001,?,06559CE0,0000000C,065467B1,?,00000001,?), ref: 06548597
  • Part of subcall function 06548594: __initp_misc_winsig.LIBCMT ref: 065485B2
  • Part of subcall function 06548594: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 06549A06
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 06549A1A
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 06549A2D
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 06549A40
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 06549A53
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 06549A66
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 06549A79
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 06549A8C
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 06549A9F
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 06549AB2
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 06549AC5
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 06549AD8
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 06549AEB
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 06549AFE
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 06549B11
  • Part of subcall function 06548594: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 06549B24
• __mtinitlocks.LIBCMT ref: 065482B9
• __mtterm.LIBCMT ref: 065482C2
  • Part of subcall function 0654832A: DeleteCriticalSection.KERNEL32(?,?,?,?,06546717,065466FD,06559CC0,00000008,06546812,?,00000001,?,06559CE0,0000000C,065467B1,?), ref: 0654C8E8
  • Part of subcall function 0654832A: _free.LIBCMT ref: 0654C8EF
                                                    • Part of subcall function 0654832A: DeleteCriticalSection.KERNEL32(0655C2E0,?,?,06546717,065466FD,06559CC0,00000008,06546812,?,00000001,?,06559CE0,0000000C,065467B1,?,00000001), ref: 0654C911
                                                  • __calloc_crt.LIBCMT ref: 065482E7
                                                  • __initptd.LIBCMT ref: 06548309
                                                  • GetCurrentThreadId.KERNEL32 ref: 06548310
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                  • String ID:
                                                  • API String ID: 3567560977-0
                                                  • Opcode ID: 22da1f22dde6dff26d3bd5b2b608e9402a36d755b65bde7512319401fb98ddbb
                                                  • Instruction ID: eaf145a07f71ee6436b732c054910804f2dc5bc23845a110f6614579f4a8dff8
                                                  • Opcode Fuzzy Hash: 22da1f22dde6dff26d3bd5b2b608e9402a36d755b65bde7512319401fb98ddbb
                                                  • Instruction Fuzzy Hash: C8F0F03291DB136EE2F83EB57C0675A2790FF8163CB20469AE570E50C0FE12D8408990
                                                  APIs
                                                  • __init_pointers.LIBCMT ref: 028E62AB
                                                    • Part of subcall function 028E4742: EncodePointer.KERNEL32(00000000,00000001,028E62B0,028E41B1,028F5498,00000008,028E4377,?,00000001,?,028F54B8,0000000C,028E4316,?,00000001,?), ref: 028E4745
                                                    • Part of subcall function 028E4742: __initp_misc_winsig.LIBCMT ref: 028E4760
                                                    • Part of subcall function 028E4742: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 028E9218
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 028E922C
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 028E923F
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 028E9252
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 028E9265
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 028E9278
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 028E928B
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 028E929E
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 028E92B1
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 028E92C4
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 028E92D7
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 028E92EA
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 028E92FD
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 028E9310
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 028E9323
                                                    • Part of subcall function 028E4742: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 028E9336
                                                  • __mtinitlocks.LIBCMT ref: 028E62B0
                                                  • __mtterm.LIBCMT ref: 028E62B9
                                                    • Part of subcall function 028E6321: DeleteCriticalSection.KERNEL32(?,?,?,?,028E427C,028E4262,028F5498,00000008,028E4377,?,00000001,?,028F54B8,0000000C,028E4316,?), ref: 028E982F
                                                    • Part of subcall function 028E6321: _free.LIBCMT ref: 028E9836
                                                    • Part of subcall function 028E6321: DeleteCriticalSection.KERNEL32(028FA460,?,?,028E427C,028E4262,028F5498,00000008,028E4377,?,00000001,?,028F54B8,0000000C,028E4316,?,00000001), ref: 028E9858
                                                  • __calloc_crt.LIBCMT ref: 028E62DE
                                                  • __initptd.LIBCMT ref: 028E6300
                                                  • GetCurrentThreadId.KERNEL32 ref: 028E6307
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                  • String ID:
                                                  • API String ID: 3567560977-0
                                                  • Opcode ID: 617f771fa63be41edff95a53ef4ea27536ef1fcd98cf7ee4ff1ae9ecb4194c6a
                                                  • Instruction ID: 5b5996c6a80ba10e9e8df3090395763df6a19a94ba57721d6bb7b106665c0400
                                                  • Opcode Fuzzy Hash: 617f771fa63be41edff95a53ef4ea27536ef1fcd98cf7ee4ff1ae9ecb4194c6a
                                                  • Instruction Fuzzy Hash: 2CF0243E9483312AEE647A7C3C0AB5A2B8E8F23370B240A59E52FD50C0FF6080415A96
                                                  APIs
                                                  • __init_pointers.LIBCMT ref: 02B81DEE
                                                    • Part of subcall function 02B7F03F: RtlEncodePointer.NTDLL(00000000), ref: 02B7F042
                                                    • Part of subcall function 02B7F03F: __initp_misc_winsig.LIBCMT ref: 02B7F05D
                                                    • Part of subcall function 02B7F03F: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 02B879F3
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 02B87A07
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 02B87A1A
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 02B87A2D
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 02B87A40
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 02B87A53
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 02B87A66
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 02B87A79
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 02B87A8C
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 02B87A9F
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 02B87AB2
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 02B87AC5
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 02B87AD8
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 02B87AEB
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 02B87AFE
                                                    • Part of subcall function 02B7F03F: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 02B87B11
                                                  • __mtinitlocks.LIBCMT ref: 02B81DF3
                                                  • __mtterm.LIBCMT ref: 02B81DFC
                                                    • Part of subcall function 02B81E64: DeleteCriticalSection.KERNEL32(?,?,?,?,02B7EB9F,02B7EB85,02B99390,00000008,02B7EC9A,?,00000001,?,02B993B0,0000000C,02B7EC39,?), ref: 02B87E62
                                                    • Part of subcall function 02B81E64: _free.LIBCMT ref: 02B87E69
                                                    • Part of subcall function 02B81E64: DeleteCriticalSection.KERNEL32(02BA1988,?,?,02B7EB9F,02B7EB85,02B99390,00000008,02B7EC9A,?,00000001,?,02B993B0,0000000C,02B7EC39,?,00000001), ref: 02B87E8B
                                                  • __calloc_crt.LIBCMT ref: 02B81E21
                                                  • __initptd.LIBCMT ref: 02B81E43
                                                  • GetCurrentThreadId.KERNEL32 ref: 02B81E4A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                  • String ID:
                                                  • API String ID: 3567560977-0
                                                  • Opcode ID: 889f63470a61ccc51f26642853b389fb16aee1df297ab4ddb6b5d9773e9fc764
                                                  • Instruction ID: e2b663d65dab13124a448a90089193e1a3d681aa75909ff5d1348af882ef59ff
                                                  • Opcode Fuzzy Hash: 889f63470a61ccc51f26642853b389fb16aee1df297ab4ddb6b5d9773e9fc764
                                                  • Instruction Fuzzy Hash: 91F06D3696A3222AE2687A7CAC0268B6696DF01B76F204AD9E56CD50D0FF508443D994
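The three CRT start-up routines above are the same function found at three different bases (06540000, 028D0000 and 02B50000), and every Memory Dump Source entry for them carries the same flag pattern: executable or read-only pages (00000020 / 00000002 / 00000004), committed (00001000), and private (00020000) rather than image-backed, yet "based on PE: true". Three copies of one C-runtime in private memory that the loader never mapped is what reflectively loaded DLLs look like in a dump. The script below is an added example, not code from the Joe Sandbox report or from the sample: it decodes the dotted fields of the .sdmp names and gives that verdict per module base. The field layout (process, pass, region id, region base, Protect, State, Type, extra) is an assumption, labelled in the code; it is consistent with every identifier on this page, and the constant tables themselves are the documented winnt.h values. The input is the page's own three dump blocks.

```python
"""Decode .sdmp identifiers from a Joe Sandbox function page and flag PE images in
private (non image-backed) memory. Added example, not code from the report or sample.
ASSUMPTION: the dotted .sdmp fields are <process>.<pass>.<region id>.<base>.<Protect>.
<State>.<Type>.<extra>, where Protect/State/Type hold MEMORY_BASIC_INFORMATION
constants; the tables below are the documented winnt.h values."""
import re
from dataclasses import dataclass

PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_STATE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x10000: "MEM_FREE"}
MEM_PRIVATE, MEM_MAPPED, MEM_IMAGE = 0x20000, 0x40000, 0x1000000
MEM_TYPE = {MEM_PRIVATE: "MEM_PRIVATE", MEM_MAPPED: "MEM_MAPPED", MEM_IMAGE: "MEM_IMAGE"}

SDMP_RE = re.compile(
    r"(?P<proc>[0-9a-f]{8})\.(?P<pass>[0-9a-f]{8})\.(?P<region>[0-9a-f]+)\."
    r"(?P<base>[0-9a-f]{16})\.(?P<protect>[0-9a-f]{8})\.(?P<state>[0-9a-f]{8})\."
    r"(?P<mtype>[0-9a-f]{8})\.(?P<extra>[0-9a-f]{8})\.sdmp", re.IGNORECASE)
OFFSET_RE = re.compile(r"Offset:\s*([0-9a-f]+),\s*based on PE:\s*(true|false)", re.IGNORECASE)


@dataclass
class Region:
    base: int
    protect: int
    state: int
    mem_type: int

    @property
    def executable(self) -> bool:
        return bool(self.protect & 0xF0)          # any PAGE_EXECUTE* protection

    def describe(self) -> str:
        return "%08X %s %s %s" % (
            self.base, PAGE_PROTECT.get(self.protect, hex(self.protect)),
            MEM_STATE.get(self.state, hex(self.state)),
            MEM_TYPE.get(self.mem_type, hex(self.mem_type)))


def parse_dump_sources(text: str) -> dict:
    """Group each .sdmp region under the module base named on its 'Source File' line."""
    modules, current = {}, None
    for line in text.splitlines():
        off = OFFSET_RE.search(line)
        if off:
            current = int(off.group(1), 16)
            modules.setdefault(current, {"pe": off.group(2).lower() == "true", "regions": []})
        m = SDMP_RE.search(line)
        if m and current is not None:
            region = Region(int(m["base"], 16), int(m["protect"], 16),
                            int(m["state"], 16), int(m["mtype"], 16))
            if all(r.base != region.base for r in modules[current]["regions"]):
                modules[current]["regions"].append(region)   # a region recurs across function blocks
    return modules


def verdict(module: dict) -> str:
    """What the region flags of one module tell an analyst."""
    regions = module["regions"]
    types = {r.mem_type for r in regions}
    if module["pe"] and any(r.executable for r in regions) and types == {MEM_PRIVATE}:
        return "PE with executable code entirely in MEM_PRIVATE memory: not mapped by the loader (reflective load / manual map)"
    if MEM_IMAGE in types:
        return "image-backed module (section-mapped by the loader)"
    return "no executable PE in private memory"


def triage(text: str) -> list:
    """One verdict line per module base, followed by its decoded regions."""
    out = []
    for base, module in sorted(parse_dump_sources(text).items()):
        out.append("%08X: %s" % (base, verdict(module)))
        out.extend("    " + r.describe() for r in module["regions"])
    return out


# Sample input: the three 'Memory Dump Source' blocks as they appear on this page.
REPORT_EXCERPT = """\
Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
"""

if __name__ == "__main__":
    print("\n".join(triage(REPORT_EXCERPT)))
```

The same check is worth running on a live process: walk VirtualQueryEx regions, and a region that starts with an MZ/PE header while its Type is MEM_PRIVATE instead of MEM_IMAGE has no backing file for the loader, so no module list entry and no signature to verify.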
                                                  APIs
                                                  • _ValidateScopeTableHandlers.LIBCMT ref: 06548CD0
                                                  • __FindPESection.LIBCMT ref: 06548CEA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: FindHandlersScopeSectionTableValidate
                                                  • String ID:
                                                  • API String ID: 876702719-0
                                                  • Opcode ID: ac0079b5d8c18c3ea0d7af6224ce103e532bc4b8c8b2e8c9d136110b2f136042
                                                  • Instruction ID: edd3a372ba7063a7a849df380bac4657cb763d746c7f9ae8d6edd45b1f5ab065
                                                  • Opcode Fuzzy Hash: ac0079b5d8c18c3ea0d7af6224ce103e532bc4b8c8b2e8c9d136110b2f136042
                                                  • Instruction Fuzzy Hash: E9A1DD71E017168FDBA1EF18D884AA9B7E5FB45318F1546AADC15AB341E330EC41CF90
                                                  APIs
                                                  • _ValidateScopeTableHandlers.LIBCMT ref: 028E4FF0
                                                  • __FindPESection.LIBCMT ref: 028E500A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FindHandlersScopeSectionTableValidate
                                                  • String ID:
                                                  • API String ID: 876702719-0
                                                  • Opcode ID: b35884d697e07167017e6532bd9676ae42d92f35f0003609084bffa230b62aa2
                                                  • Instruction ID: 3ddbf965817a49f7db14f7a728f2fe47f3fb6fc79087926a6ea5ad5a34361d7e
                                                  • Opcode Fuzzy Hash: b35884d697e07167017e6532bd9676ae42d92f35f0003609084bffa230b62aa2
                                                  • Instruction Fuzzy Hash: 48A1DE7DA002198FDF10CF58D980BA9B7E5FB46718F55426AED0AE7391E735E900CB90
                                                  APIs
                                                  • _ValidateScopeTableHandlers.LIBCMT ref: 02B86ED0
                                                  • __FindPESection.LIBCMT ref: 02B86EEA
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: FindHandlersScopeSectionTableValidate
                                                  • String ID:
                                                  • API String ID: 876702719-0
                                                  • Opcode ID: 5b439eb93f3d2a4a6874f1d8a277c8569a97237132740b8c98d9cbbd185ec68e
                                                  • Instruction ID: 90aa6c7bfce5f0ba4b703151b80b81067a4cac04e668846a9afa46a61b9b26b3
                                                  • Opcode Fuzzy Hash: 5b439eb93f3d2a4a6874f1d8a277c8569a97237132740b8c98d9cbbd185ec68e
                                                  • Instruction Fuzzy Hash: E8A1AE76E006158FDB11EF18DD81BA9B7A9FB44318F2446A9DC09E7351EB31ED40CB90
                                                  APIs
                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 02B7E582
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Locale$UpdateUpdate::_
                                                  • String ID:
                                                  • API String ID: 2803588963-0
                                                  • Opcode ID: d8fb19a1ef959470be3e112b3ec66087cf25b5db417a2e8be575e42e0c0226a1
                                                  • Instruction ID: da46eb3405f9c3f0aa136fc0a0c243c1e458c111c2b9fadd665453ce78c20ed2
                                                  • Opcode Fuzzy Hash: d8fb19a1ef959470be3e112b3ec66087cf25b5db417a2e8be575e42e0c0226a1
                                                  • Instruction Fuzzy Hash: 3171C6359002569BCF219F58C884ABF7BB5FF85358F1441E9E671AB191DB70D841CBA0
                                                  APIs
                                                  • GetSystemMetrics.USER32(00000000), ref: 02B5EA07
                                                  • GetSystemMetrics.USER32(00000001), ref: 02B5EA0E
                                                  • SendInput.USER32(00000001,?,0000001C), ref: 02B5EA90
                                                  • SendInput.USER32(00000001,?,0000001C), ref: 02B5EABE
                                                  • SendInput.USER32(00000001,?,0000001C), ref: 02B5EAD3
                                                  • SendInput.USER32(00000001,?,0000001C), ref: 02B5EAE8
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: InputSend$MetricsSystem
                                                  • String ID:
                                                  • API String ID: 1046123477-0
                                                  • Opcode ID: ba3c35693b0c2ecc0508e971de7e9c3930775d6ab310a6e4417619c254c9b3c2
                                                  • Instruction ID: ff9b0ff4a1e94f0790ca199d2c6a8d756f522a91513746862777b2a3a34c4073
                                                  • Opcode Fuzzy Hash: ba3c35693b0c2ecc0508e971de7e9c3930775d6ab310a6e4417619c254c9b3c2
                                                  • Instruction Fuzzy Hash: B751C171D107189FDB52DBB8C886BAEBBB8EF45350F104256FA11BB190E7719A81CB80
                                                  APIs
                                                  • ReadEventLogA.ADVAPI32(?,?,00000000,?,00000000,?,?), ref: 02B5C32F
                                                  • GetLastError.KERNEL32 ref: 02B5C343
                                                  • _malloc.LIBCMT ref: 02B5C351
                                                    • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
                                                    • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
                                                    • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
                                                  • ReadEventLogA.ADVAPI32(?,?,?,00000000,?,?,?), ref: 02B5C37A
                                                  • GetLastError.KERNEL32 ref: 02B5C448
                                                  • _free.LIBCMT ref: 02B5C468
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorEventLastRead$AllocateHeap_free_malloc
                                                  • String ID:
                                                  • API String ID: 2673813885-0
                                                  • Opcode ID: 7aafa32d7f614d115b626db1c8fa1cb06dd79125dada959d0640465529badf3e
                                                  • Instruction ID: 6f6fd878fe85e346ee654b70d914caebca57427de707d1f7bf9feb205a59330d
                                                  • Opcode Fuzzy Hash: 7aafa32d7f614d115b626db1c8fa1cb06dd79125dada959d0640465529badf3e
                                                  • Instruction Fuzzy Hash: E251B175A40225AFCB509FA8DD45EBA7BBAFF08350B040495FE48EB601D7B19961CBE0
                                                  APIs
                                                  • _calloc.LIBCMT ref: 06543976
                                                    • Part of subcall function 065450E8: __calloc_impl.LIBCMT ref: 065450FB
                                                  • _calloc.LIBCMT ref: 0654398F
                                                  • _memmove.LIBCMT ref: 06543A0B
                                                  • _calloc.LIBCMT ref: 06543A16
                                                  • _free.LIBCMT ref: 06543ABB
                                                    • Part of subcall function 06543815: _free.LIBCMT ref: 0654382B
                                                    • Part of subcall function 06543815: _free.LIBCMT ref: 0654383B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _calloc_free$__calloc_impl_memmove
                                                  • String ID:
                                                  • API String ID: 2238107928-0
                                                  • Opcode ID: eef0a79d21db1ed01d41cb9df27a7903c9dde317b0036a565ecb53e3f27c519b
                                                  • Instruction ID: 766cad525db1ed22de94f8ac31fb5346bfa023d6bbb1cef28b68e8c7afae14fb
                                                  • Opcode Fuzzy Hash: eef0a79d21db1ed01d41cb9df27a7903c9dde317b0036a565ecb53e3f27c519b
                                                  • Instruction Fuzzy Hash: 22515471E4020AAFDF55EF96C980AAEB7B5FF44354F1081A9F914AB260E731DA50CF90
                                                  APIs
                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,00000000,?), ref: 02B5BFBF
                                                  • _calloc.LIBCMT ref: 02B5BFD9
                                                    • Part of subcall function 02B79BDA: __calloc_impl.LIBCMT ref: 02B79BED
                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 02B5BFFA
                                                  • _free.LIBCMT ref: 02B5C0A8
                                                    • Part of subcall function 02B5BB5F: _strlen.LIBCMT ref: 02B5BC06
                                                    • Part of subcall function 02B5BB5F: _free.LIBCMT ref: 02B5BC11
                                                    • Part of subcall function 02B5BB5F: _calloc.LIBCMT ref: 02B5BC37
                                                    • Part of subcall function 02B5BB5F: SetLastError.KERNEL32(00000008,?,?,?,00000000,00000000,00000000,?,02B5C049,00000000,?), ref: 02B5BC49
                                                    • Part of subcall function 02B5BB5F: _free.LIBCMT ref: 02B5BCC8
                                                  • _free.LIBCMT ref: 02B5C065
                                                    • Part of subcall function 02B79C1A: RtlFreeHeap.NTDLL(00000000,00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?), ref: 02B79C2E
                                                    • Part of subcall function 02B79C1A: GetLastError.KERNEL32(00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?,?), ref: 02B79C40
                                                  • _free.LIBCMT ref: 02B5C0CE
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorLastQueryValue_calloc$FreeHeap__calloc_impl_strlen
                                                  • String ID:
                                                  • API String ID: 2618386454-0
                                                  • Opcode ID: cea9f7c319ff04a7424a1da0243f5e07da8274fa1032806bedb0646f77429c9d
                                                  • Instruction ID: 8ab82df0efdd54e7fe1c59d516e540364ca6f39e43b633ca386024946a85cb0e
                                                  • Opcode Fuzzy Hash: cea9f7c319ff04a7424a1da0243f5e07da8274fa1032806bedb0646f77429c9d
                                                  • Instruction Fuzzy Hash: 1641A5B5D40316AFDB109FA8DC85D7E7B7AFF09344B0404AAFD05AB201DBB29E108B50
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _memmove
                                                  • String ID:
                                                  • API String ID: 4104443479-0
                                                  • Opcode ID: 6201b1f20a5581bb78bced9801d85808f70c2aa4e1f00250e736de9a4b55422b
                                                  • Instruction ID: 7a2c9715b1db43d371e2460e81d1661d6fd7cb41d7190a86147e4a5ddec92a44
                                                  • Opcode Fuzzy Hash: 6201b1f20a5581bb78bced9801d85808f70c2aa4e1f00250e736de9a4b55422b
                                                  • Instruction Fuzzy Hash: E3412D79100B01AFE7259F29CD50A62BBF5FF08714F044619E99AC6E61EB31F951CF90
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _memmove
                                                  • String ID:
                                                  • API String ID: 4104443479-0
                                                  • Opcode ID: 6201b1f20a5581bb78bced9801d85808f70c2aa4e1f00250e736de9a4b55422b
                                                  • Instruction ID: 2edeb99039f59def3ad1f7f1dfba5fb503c5433a9988dc3bc099ca3d7c6121e7
                                                  • Opcode Fuzzy Hash: 6201b1f20a5581bb78bced9801d85808f70c2aa4e1f00250e736de9a4b55422b
                                                  • Instruction Fuzzy Hash: 15416B7A100B00AFDB219F65CD80B66BBE5FF08714F044A1DE99ADAA60D771F850CF90
                                                  APIs
                                                  • _calloc.LIBCMT ref: 06543869
                                                    • Part of subcall function 065450E8: __calloc_impl.LIBCMT ref: 065450FB
                                                  • ReadProcessMemory.KERNEL32(?,?,00000000,00000000,?,00000000,?,?,00000000,?,?), ref: 0654388B
                                                  • _calloc.LIBCMT ref: 065438C7
                                                  • ReadProcessMemory.KERNEL32(00000004,00000000,00000000,00000004,?), ref: 065438E2
                                                  • GetLastError.KERNEL32 ref: 0654391F
                                                  • _free.LIBCMT ref: 06543941
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: MemoryProcessRead_calloc$ErrorLast__calloc_impl_free
                                                  • String ID:
                                                  • API String ID: 51542497-0
                                                  • Opcode ID: b659ae5e73b59a7447ab7ec00502763261f1d7482e27df13d61f9b403d32532b
                                                  • Instruction ID: 827b83ae1f33d0efd2b1fe8b89954a277b2d88fbe55f1761fc43b4979198cbd8
                                                  • Opcode Fuzzy Hash: b659ae5e73b59a7447ab7ec00502763261f1d7482e27df13d61f9b403d32532b
                                                  • Instruction Fuzzy Hash: 30310A75A00209AFEB55EF55D884AA9BBB5FF48724F10809AF9159B250DB31DE10CF90
                                                  APIs
                                                  • GetEnvironmentVariableW.KERNEL32(00000000,00000000,00000000), ref: 02B5C60D
                                                  • _malloc.LIBCMT ref: 02B5C61E
                                                  • GetEnvironmentVariableW.KERNEL32(00000000,00000000,?), ref: 02B5C62B
                                                  • _free.LIBCMT ref: 02B5C64B
                                                  • _free.LIBCMT ref: 02B5C651
                                                  • _free.LIBCMT ref: 02B5C65D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free$EnvironmentVariable$_malloc
                                                  • String ID:
                                                  • API String ID: 372388835-0
                                                  • Opcode ID: c025a12607a4c55dbd3e4a631992b07aec214d2b4bb678796a92b34ed915d6a5
                                                  • Instruction ID: 25fa0306029e63dafd25df8f06715d03826d7d4679cb6856acca04d3ad1b774b
                                                  • Opcode Fuzzy Hash: c025a12607a4c55dbd3e4a631992b07aec214d2b4bb678796a92b34ed915d6a5
                                                  • Instruction Fuzzy Hash: 7431B2B4940259AFDB11AFA8DC45FBA3FBAFF05344F0800D5ED059B202DB718E118BA5
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _memmovehtonl$_free_malloc
                                                  • String ID:
                                                  • API String ID: 2068101931-0
                                                  • Opcode ID: e4e5825ab7d31972e6e3d55c71e0e31a5b0fec84faf709ffff40299b45024c00
                                                  • Instruction ID: 4049eaa3be93b7b5f4def562629b09efc3380d78cf2328612338a92e1c71e6fe
                                                  • Opcode Fuzzy Hash: e4e5825ab7d31972e6e3d55c71e0e31a5b0fec84faf709ffff40299b45024c00
                                                  • Instruction Fuzzy Hash: 7E2144BED00619ABCF10EFD9CC44A9ABB79EF54314B144499E949E7300D771AA14CF91
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _malloc
                                                  • String ID:
                                                  • API String ID: 1579825452-0
                                                  • Opcode ID: d1c7829258bda934cd05f946472ee2bc95ad4663e12545aa441427d065e36590
                                                  • Instruction ID: 14dc06eebd4a38dc8a4ea7f3a8c43423c8df7c2214e4c3858f77c832225346ac
                                                  • Opcode Fuzzy Hash: d1c7829258bda934cd05f946472ee2bc95ad4663e12545aa441427d065e36590
                                                  • Instruction Fuzzy Hash: 1B21497A90020AFFCB10DF98DC40E9ABBAAFF48314B148656E908D7A10D771E960CFD1
                                                  APIs
                                                  • htonl.WS2_32(?), ref: 02B59404
                                                  • OpenProcess.KERNEL32(00000001,00000000,00000000), ref: 02B5940F
                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 02B5941F
                                                  • GetLastError.KERNEL32 ref: 02B59429
                                                  • CloseHandle.KERNEL32(?), ref: 02B59434
                                                  • GetLastError.KERNEL32 ref: 02B59458
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastProcess$CloseHandleOpenTerminatehtonl
                                                  • String ID:
                                                  • API String ID: 71079760-0
                                                  • Opcode ID: 570a4d0e4a1d6e0beef9e52253cf4405acf14829d4f26fbb5705557cafb777f0
                                                  • Instruction ID: 3d239e8ffac5a75773f3d15010097e446929f1831af72ee49c7974d64450de67
                                                  • Opcode Fuzzy Hash: 570a4d0e4a1d6e0beef9e52253cf4405acf14829d4f26fbb5705557cafb777f0
                                                  • Instruction Fuzzy Hash: 80216F31D4021AEFDB11AFA8DD09EAA3BB9FF04385F0440A0FD09D7111D7718920DB91
                                                  APIs
                                                  • __init_pointers.LIBCMT ref: 028B56AB
                                                    • Part of subcall function 028B3B42: __initp_misc_winsig.LIBCMT ref: 028B3B60
                                                  • __mtinitlocks.LIBCMT ref: 028B56B0
                                                  • __mtterm.LIBCMT ref: 028B56B9
                                                    • Part of subcall function 028B5721: _free.LIBCMT ref: 028B8C36
                                                  • __calloc_crt.LIBCMT ref: 028B56DE
                                                  • __initptd.LIBCMT ref: 028B5700
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: __calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                  • String ID:
                                                  • API String ID: 206718379-0
                                                  • Opcode ID: b120e1b3c185bc3966b2299b072022a3fef342da16809b1ffdd16da0698a9e06
                                                  • Instruction ID: adfbb686c6a40e1d41368a4f94637d8f8a65c3975857233154f7aa1c45b40810
                                                  • Opcode Fuzzy Hash: b120e1b3c185bc3966b2299b072022a3fef342da16809b1ffdd16da0698a9e06
                                                  • Instruction Fuzzy Hash: 22F0243E2297215AF2377B7C2C42BCB27CB9F02374B30061EE024C52D0EF24C0424AA6
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _memset$_free
                                                  • String ID: <
                                                  • API String ID: 2449463427-4251816714
                                                  • Opcode ID: 2948b3510f2942b95dfff9ecc4dd7d4848d64c91f72689f7b636c147897874f7
                                                  • Instruction ID: 607477f766f21ccef30660231f6b25a251bb808ca60dde8f793e48fb6cc34bc5
                                                  • Opcode Fuzzy Hash: 2948b3510f2942b95dfff9ecc4dd7d4848d64c91f72689f7b636c147897874f7
                                                  • Instruction Fuzzy Hash: B3416D79800204EBEB31AF66DC58E9BBBF9FB88700F10456EF649E2560DB71A554CF60
                                                  APIs
                                                  • _mbstowcs_s.LIBCMT ref: 028A8718
                                                    • Part of subcall function 028B0557: __wcstombs_s_l.LIBCMT ref: 028B056B
                                                    • Part of subcall function 028A4866: __aulldiv.LIBCMT ref: 028A489E
                                                  • _strncmp.LIBCMT ref: 028A8733
                                                  • _strrchr.LIBCMT ref: 028A875A
                                                  • _strrchr.LIBCMT ref: 028A8772
                                                    • Part of subcall function 028B34F6: __wcstoi64.LIBCMT ref: 028B3500
                                                    • Part of subcall function 028A8026: _memset.LIBCMT ref: 028A804D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmpDownload File
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _strrchr$__aulldiv__wcstoi64__wcstombs_s_l_mbstowcs_s_memset_strncmp
                                                  • String ID: 6
                                                  • API String ID: 3857070537-498629140
                                                  • Opcode ID: d91ad4a066957b0aaf0849911cc7eb3529f0a56502c3e53a47ae7d033ac38945
                                                  • Instruction ID: d7f7fe233905ea9a42675e413b85edc0d494d1a1f9d9afee571300db39573a56
                                                  • Opcode Fuzzy Hash: d91ad4a066957b0aaf0849911cc7eb3529f0a56502c3e53a47ae7d033ac38945
                                                  • Instruction Fuzzy Hash: 7A31267E804344BFFB22AB28DC49FABB7ADAF44300F504099F649E6540EF71A5008F62
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _memset$_free
                                                  • String ID: <
                                                  • API String ID: 2449463427-4251816714
                                                  • Opcode ID: d9875a5e01d07ffc43511d7e9edc7c320a2411df8174228feeff1ca86baad3bd
                                                  • Instruction ID: e171132620fb4f23469b48cdba43f1beadc7f84592f1bf7e6364aa63f40236bc
                                                  • Opcode Fuzzy Hash: d9875a5e01d07ffc43511d7e9edc7c320a2411df8174228feeff1ca86baad3bd
                                                  • Instruction Fuzzy Hash: 9E315279801215ABDB11AF65DC84ADABFBDFF08350F104166F608E2550DB319694CFE0
                                                  APIs
                                                    • Part of subcall function 02B647F0: _malloc.LIBCMT ref: 02B647F6
                                                  • __wgetenv.LIBCMT ref: 02B6464A
                                                  • _swscanf.LIBCMT ref: 02B64668
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: __wgetenv_malloc_swscanf
                                                  • String ID: %ld%c$JPEGMEM$x
                                                  • API String ID: 33067021-3402169052
                                                  • Opcode ID: b2bebf0b0671905daf4f2334ad15866ff57ac2024d9be9e98358d23c80d746cf
                                                  • Instruction ID: 3156edc8a38812cead0edd8460049498fd756ee2f618bc12500c8bf922917d44
                                                  • Opcode Fuzzy Hash: b2bebf0b0671905daf4f2334ad15866ff57ac2024d9be9e98358d23c80d746cf
                                                  • Instruction Fuzzy Hash: 863165B1500B019BD330CF55CA4876BBBF8EF01708F108ACDE59A4BA40D7B9A6498F90
                                                  APIs
                                                  • EnumProcesses.PSAPI(?,00001000,06543C07,00000000,00000000,?,06543C07), ref: 06543648
                                                  • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,00001000,06543C07,00000000,00000000,?,06543C07), ref: 06543673
                                                  • GetProcessImageFileNameA.PSAPI(00000000,?,00000104,?,06543C07), ref: 0654368C
                                                  • CloseHandle.KERNEL32(00000000,00000000,?,00000104,?,06543C07), ref: 065436AD
                                                    • Part of subcall function 065435F0: _strlen.LIBCMT ref: 065435F7
                                                    • Part of subcall function 065435F0: _strlen.LIBCMT ref: 06543601
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Process_strlen$CloseEnumFileHandleImageNameOpenProcesses
                                                  • String ID: \lsass.exe
                                                  • API String ID: 4175138427-316735421
                                                  • Opcode ID: 31584408422a3e92f23a0def6e23e2778e5a506d7895f3f844f67e3191878649
                                                  • Instruction ID: 6efa90f9c1b92636db0303cb30b0ec910e156321e1240dfabb95e9648a747461
                                                  • Opcode Fuzzy Hash: 31584408422a3e92f23a0def6e23e2778e5a506d7895f3f844f67e3191878649
                                                  • Instruction Fuzzy Hash: F911DB75E0422A67D7A1BA6AAC44ADE73ADBF44758F1000E1ED14D3260FB60DE84CAD4
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(kernel32.dll), ref: 06541326
                                                  • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 06541338
                                                  • FreeLibrary.KERNEL32(00000000), ref: 06541366
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Library$AddressFreeLoadProc
                                                  • String ID: GetNativeSystemInfo$kernel32.dll
                                                  • API String ID: 145871493-192647395
                                                  • Opcode ID: 4b43363e609ef8ae2838fa38e4a81afc343dff8edd5e1157e20f05892e4be531
                                                  • Instruction ID: 46047012940f4e0bb14a3b23e11ae6a00444a83d315168265bc9c2e985b17ba3
                                                  • Opcode Fuzzy Hash: 4b43363e609ef8ae2838fa38e4a81afc343dff8edd5e1157e20f05892e4be531
                                                  • Instruction Fuzzy Hash: 79F02832B1061457C770AA789C1EBFE77ACFB48E51F0100AAF901E6080FE50C981C5E0
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(kernel32.dll,00000006,?), ref: 02B59D54
                                                  • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 02B59D66
                                                  • FreeLibrary.KERNEL32(00000000), ref: 02B59D94
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Library$AddressFreeLoadProc
                                                  • String ID: GetNativeSystemInfo$kernel32.dll
                                                  • API String ID: 145871493-192647395
                                                  • Opcode ID: 91b650f724fb79045be4538c6f41a74255f9c744d2bda407edfb2b1a33ee029f
                                                  • Instruction ID: cd8ebd4a3d046be69f686c00f708e2407fd7cce6b56151c2fd27dca12ba5161c
                                                  • Opcode Fuzzy Hash: 91b650f724fb79045be4538c6f41a74255f9c744d2bda407edfb2b1a33ee029f
                                                  • Instruction Fuzzy Hash: 73F02D32650635A7D7216B6C9D0ABFEB3ECD759E51F0000A6FC05E60C0EF60D94189E0
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(kernel32.dll), ref: 02B574E9
                                                  • GetProcAddress.KERNEL32(00000000,ProcessIdToSessionId), ref: 02B574FB
                                                  • FreeLibrary.KERNEL32(00000000), ref: 02B5752D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Library$AddressFreeLoadProc
                                                  • String ID: ProcessIdToSessionId$kernel32.dll
                                                  • API String ID: 145871493-3889420803
                                                  • Opcode ID: 07a4c70aa45bfd4623c96a1f41e4ebd0011cf0c855b9ca72c6a609369408e328
                                                  • Instruction ID: 3f6316dac8aabf75c2f7ef0520864cfd1d6cb4bc3fea977fb60b13d4d07da49f
                                                  • Opcode Fuzzy Hash: 07a4c70aa45bfd4623c96a1f41e4ebd0011cf0c855b9ca72c6a609369408e328
                                                  • Instruction Fuzzy Hash: F4F0A430E61636FBDB15CF6CEA01ADDB7A8EF097907004594FC09D7210EB709E10EA90
                                                  APIs
                                                  • _memset.LIBCMT ref: 028DFC00
                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,RtlGetVersion), ref: 028DFC1C
                                                  • GetProcAddress.KERNEL32(00000000), ref: 028DFC23
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AddressHandleModuleProc_memset
                                                  • String ID: RtlGetVersion$ntdll.dll
                                                  • API String ID: 3368017834-1489217083
                                                  • Opcode ID: 5cf992e662dd9d306eb20b6a8c5061d00bcb8e7200511acfa713dec21550837c
                                                  • Instruction ID: b1719483dacb67413211e612ac6eea7ad1b0810951048e0d5b988ee826bd7534
                                                  • Opcode Fuzzy Hash: 5cf992e662dd9d306eb20b6a8c5061d00bcb8e7200511acfa713dec21550837c
                                                  • Instruction Fuzzy Hash: AFF0963CE4021C97EF349B609C0BBD933A8AB14749F0048A4EF0ED1540D774929CCE92
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(kernel32.dll,00000032,?,02B5D833), ref: 02B5754F
                                                  • GetProcAddress.KERNEL32(00000000,WTSGetActiveConsoleSessionId), ref: 02B57561
                                                  • FreeLibrary.KERNEL32(00000000), ref: 02B57580
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Library$AddressFreeLoadProc
                                                  • String ID: WTSGetActiveConsoleSessionId$kernel32.dll
                                                  • API String ID: 145871493-2743965321
                                                  • Opcode ID: 01c0b41a6d174847396ba97e4e207610efc8ecb5729451d5eb11f8d7effd4312
                                                  • Instruction ID: 42afedbf1a28a2c3e428b4d495f54122a00dbc28f8abbd89dae90aee9bfe0bb0
                                                  • Opcode Fuzzy Hash: 01c0b41a6d174847396ba97e4e207610efc8ecb5729451d5eb11f8d7effd4312
                                                  • Instruction Fuzzy Hash: 91E02B36F511336B87214A3CB805F4AB799DF45AD130A04A0FC19D7201DFE0C845EAF0
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,IsWow64Process,?,?,?,06543B09), ref: 065434F0
                                                  • GetProcAddress.KERNEL32(00000000), ref: 065434F7
                                                  • GetCurrentProcess.KERNEL32(00000000,?,?,?,06543B09), ref: 06543507
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressCurrentHandleModuleProcProcess
                                                  • String ID: IsWow64Process$kernel32.dll
                                                  • API String ID: 4190356694-3024904723
                                                  • Opcode ID: 4d8f3f6f29164dc55c60fcf567425d12dff79f96483640383903f415011fd6a3
                                                  • Instruction ID: 5171d1ede0c98ef06527680dc22c19d55a59de63132c0fd02c9baad5e89e539a
                                                  • Opcode Fuzzy Hash: 4d8f3f6f29164dc55c60fcf567425d12dff79f96483640383903f415011fd6a3
                                                  • Instruction Fuzzy Hash: D4E04F72C11319F7CA109AE5D81DA8E7BACEB04725B100182B904D3100EA7499049AF1
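Two things in the function entries above are worth extracting programmatically rather than by eye. The routine at 06543648-065436AD calls EnumProcesses, opens each PID with access mask 001F0FFF (PROCESS_ALL_ACCESS as defined on pre-Vista Windows), reads its image path with GetProcessImageFileNameA into a 0x104-byte (MAX_PATH) buffer and compares it against the string "\lsass.exe": it is hunting for the LSA process. The repeated LoadLibraryA / GetProcAddress / FreeLibrary (or GetModuleHandleA / GetProcAddress) triplets resolve GetNativeSystemInfo, ProcessIdToSessionId, WTSGetActiveConsoleSessionId, IsWow64Process and RtlGetVersion by name at run time, so none of them shows up in a static import table. The "Source File" descriptors also differ in their fifth dotted field: 00000040 for the dump at 028A0000 against 00000020 for the dumps at 06541000 and 02B51000. The script below is an added example (editor's code, not Joe Sandbox's) that parses report lines copied verbatim from this page and flags those indicators. It assumes, which the report itself does not state, that the dotted .sdmp name reads <process>.<stage>.<id>.<base>.<Protect>.<State>.<Type>.<seq> with Protect/State/Type holding the Win32 MEMORY_BASIC_INFORMATION constants (0x40 PAGE_EXECUTE_READWRITE, 0x20 PAGE_EXECUTE_READ, 0x1000 MEM_COMMIT, 0x20000 MEM_PRIVATE); the function and constant names are the example's own.

```python
"""Added example, not Joe Sandbox code: parse the 'Source File' and 'APIs' lines of
this report and flag what they expose. Assumption not stated on the page: the dotted
.sdmp name is <proc>.<stage>.<id>.<base>.<Protect>.<State>.<Type>.<seq>, with
Protect/State/Type holding the Win32 MEMORY_BASIC_INFORMATION constants."""
import re
from collections import namedtuple

MEM_COMMIT, MEM_PRIVATE = 0x1000, 0x20000
PAGE_WRITE_EXEC = 0x40 | 0x80        # PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
PROCESS_ALL_ACCESS_XP = 0x1F0FFF     # the mask passed to OpenProcess at 06543673

SDMP_RE = re.compile(
    r"[0-9A-F]{8}\.[0-9A-F]{8}\.\d+\.(?P<base>[0-9A-F]{16})\.(?P<protect>[0-9A-F]{8})\."
    r"(?P<state>[0-9A-F]{8})\.(?P<type>[0-9A-F]{8})\.[0-9A-F]{8}\.sdmp", re.I)
API_RE = re.compile(
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)",
    re.I)

DumpRegion = namedtuple("DumpRegion", "base protect state mem_type based_on_pe")
ApiCall = namedtuple("ApiCall", "api module args ref")

# Constructed sample input: lines copied from the function entries on this page.
RWX_SOURCE = ("• Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000"
              ".00020000.00000000.sdmp, Offset: 028A0000, based on PE: true")
RX_SOURCE = ("• Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000"
             ".00020000.00000000.sdmp, Offset: 06540000, based on PE: true")
LSASS_APIS = """\
• EnumProcesses.PSAPI(?,00001000,06543C07,00000000,00000000,?,06543C07), ref: 06543648
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,00001000,06543C07,00000000,00000000,?,06543C07), ref: 06543673
• GetProcessImageFileNameA.PSAPI(00000000,?,00000104,?,06543C07), ref: 0654368C
• CloseHandle.KERNEL32(00000000,00000000,?,00000104,?,06543C07), ref: 065436AD
  • Part of subcall function 065435F0: _strlen.LIBCMT ref: 065435F7"""
RESOLVE_APIS = """\
• LoadLibraryA.KERNEL32(kernel32.dll), ref: 06541326
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 06541338
• FreeLibrary.KERNEL32(00000000), ref: 06541366
• GetModuleHandleA.KERNEL32(kernel32.dll,IsWow64Process,?,?,?,06543B09), ref: 065434F0
• GetProcAddress.KERNEL32(00000000), ref: 065434F7"""


def parse_source_line(line):
    """Decode one 'Source File: ....sdmp, ..., based on PE: true|false' line."""
    m = SDMP_RE.search(line)
    if not m:
        raise ValueError(f"no .sdmp descriptor in {line!r}")
    pe = re.search(r"based on PE:\s*(true|false)", line, re.I)
    return DumpRegion(int(m["base"], 16), int(m["protect"], 16), int(m["state"], 16),
                      int(m["type"], 16), bool(pe and pe[1].lower() == "true"))


def indicators(r):
    """Why a dumped region deserves a closer look."""
    out = []
    if r.based_on_pe and r.state == MEM_COMMIT and r.mem_type == MEM_PRIVATE:
        # A PE in committed *private* memory was not mapped by the OS loader (that
        # would be MEM_IMAGE): the footprint of a reflective loader or injected DLL.
        out.append("PE_IN_PRIVATE_MEMORY")
    if r.protect & PAGE_WRITE_EXEC:
        out.append("RWX")        # writable and executable at the same time
    return out


def parse_api_lines(text):
    """One ApiCall per 'Api.MODULE(args), ref: addr' line; other lines are skipped."""
    calls = []
    for m in filter(None, map(API_RE.search, text.splitlines())):
        args = [a for a in (m["args"] or "").split(",") if a]
        calls.append(ApiCall(m["api"], m["mod"].upper(), args, int(m["ref"], 16)))
    return calls


def _is_addr(s):
    return re.fullmatch(r"[0-9A-F]{8}", s, re.I) is not None


def resolved_imports(calls):
    """(module, export) pairs looked up at run time through GetProcAddress. The
    report prints the stack slots it sees at each call, so the export name sometimes
    lands on the preceding GetModuleHandleA line instead of on GetProcAddress."""
    found, module, prev = [], "?", None
    for c in calls:
        if c.api.startswith(("LoadLibrary", "GetModuleHandle")) and c.args:
            module = c.args[0]
        elif c.api == "GetProcAddress":
            if len(c.args) >= 2 and c.args[1] != "?" and not _is_addr(c.args[1]):
                found.append((module, c.args[1]))
            elif prev and prev.api.startswith("GetModuleHandle") and len(prev.args) >= 2:
                found.append((module, prev.args[1]))
        prev = c
    return found


def hunts_lsass(calls, strings):
    """Process walk + OpenProcess(PROCESS_ALL_ACCESS) + image name compared to \\lsass.exe."""
    apis = {c.api for c in calls}
    full = any(c.api == "OpenProcess" and c.args and _is_addr(c.args[0])
               and int(c.args[0], 16) == PROCESS_ALL_ACCESS_XP for c in calls)
    return ({"EnumProcesses", "OpenProcess", "GetProcessImageFileNameA"} <= apis
            and full and any(s.lower().endswith("lsass.exe") for s in strings))
```

Run against the page's own lines, the 028A0000 region yields PE_IN_PRIVATE_MEMORY and RWX, the 06541000 region PE_IN_PRIVATE_MEMORY only, the 0654xxxx entry satisfies hunts_lsass when given its String ID "\lsass.exe", and resolved_imports returns kernel32.dll GetNativeSystemInfo and IsWow64Process. A PE that lives in private rather than image-backed memory, writable and executable at once, is the memory shape a reflective loader leaves behind, which is why the descriptor's protection field is worth decoding before reading the disassembly.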
                                                  APIs
                                                  • _ValidateScopeTableHandlers.LIBCMT ref: 028B43F0
                                                  • __FindPESection.LIBCMT ref: 028B440A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FindHandlersScopeSectionTableValidate
                                                  • String ID:
                                                  • API String ID: 876702719-0
                                                  • Opcode ID: 9d7c0d18798af8a4b3cce00e683b59e82df9b4b9cae5e473473fdc531e436ef2
                                                  • Instruction ID: cbe8b9e463c0966602b3149dd58fdafeb6a42eba1f5df2c8f83da8577308b541
                                                  • Opcode Fuzzy Hash: 9d7c0d18798af8a4b3cce00e683b59e82df9b4b9cae5e473473fdc531e436ef2
                                                  • Instruction Fuzzy Hash: 64A1BF7DA006298FDB12CF58D991AEDB7A5FF48324F68426DD809E7352D731E801CB90
                                                  APIs
                                                  • _memset.LIBCMT ref: 028A7137
                                                  • _memset.LIBCMT ref: 028A714B
                                                  • __time64.LIBCMT ref: 028A7159
                                                    • Part of subcall function 028B0DD7: __aulldiv.LIBCMT ref: 028B0E00
                                                    • Part of subcall function 028A9A45: _malloc.LIBCMT ref: 028A9A4E
                                                    • Part of subcall function 028A9A45: _memset.LIBCMT ref: 028A9A64
                                                    • Part of subcall function 028A59AF: _calloc.LIBCMT ref: 028A59B4
                                                  • _malloc.LIBCMT ref: 028A7213
                                                  • _memcpy_s.LIBCMT ref: 028A721F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _memset$_malloc$__aulldiv__time64_calloc_memcpy_s
                                                  • String ID:
                                                  • API String ID: 3504761939-0
                                                  • Opcode ID: 9c5746c5fba9ae746914730e9fbc95f78a13241c2e98dabd79021112a213c542
                                                  • Instruction ID: 3da6915d9b9c440b7dd12861d47fbc7ac659f1b03c21cfb5314cc4bcbb7fe5ba
                                                  • Opcode Fuzzy Hash: 9c5746c5fba9ae746914730e9fbc95f78a13241c2e98dabd79021112a213c542
                                                  • Instruction Fuzzy Hash: 21819FBE900616AFFB10AF68CCA4AAEF7A9BF04310F144119E909D7640EF35E950DF91
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID:
                                                  • API String ID: 269201875-0
                                                  • Opcode ID: 03d0dbc7e33a87cd91d521431e8e60345c9860d595601bd38437a7126531397f
                                                  • Instruction ID: 1b750359823f5941906b3bc9cd87deb2d6b1638fd5938e2164a85533f1a9ff95
                                                  • Opcode Fuzzy Hash: 03d0dbc7e33a87cd91d521431e8e60345c9860d595601bd38437a7126531397f
                                                  • Instruction Fuzzy Hash: D7716D79D0020AAFEF14DFA8DC95BAE77B9EF04314F104469E915E7240EB74EA50CB61
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free_malloc_memcmp_memcpy_s_memmove
                                                  • String ID:
                                                  • API String ID: 1750545951-0
                                                  • Opcode ID: d3773781f35d5db00278b0923a9b7d9bf4956023e37adb30438fa05dedd76257
                                                  • Instruction ID: 702ee63b78741c42955362b3ac2eea4d6a5a8d2558d1ddb7f835ed109c15c5fb
                                                  • Opcode Fuzzy Hash: d3773781f35d5db00278b0923a9b7d9bf4956023e37adb30438fa05dedd76257
                                                  • Instruction Fuzzy Hash: F261B77E900209AFFB119BA8CC94BDE7BB9AF08314F144165E908E7151DF71D9448BB5
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                                  • String ID:
                                                  • API String ID: 1559183368-0
                                                  • Opcode ID: 17071ac297ca83e33f16d1771a3c2e84f3d0a8edfaacb253ed9c787c26939ae2
                                                  • Instruction ID: 7b9b75fa0fe0a9fcdef27ed5c1ce17b2b42414cf8a065ff00ead14fbe0086549
                                                  • Opcode Fuzzy Hash: 17071ac297ca83e33f16d1771a3c2e84f3d0a8edfaacb253ed9c787c26939ae2
                                                  • Instruction Fuzzy Hash: DF51C0B2A00705DFDB689F69C88066EB7B6EF40324F2487A9F879DB2D0D7709950CB44
                                                  APIs
                                                  • _memset.LIBCMT ref: 028A36CC
                                                  • _malloc.LIBCMT ref: 028A3783
                                                    • Part of subcall function 028AF4B0: __FF_MSGBANNER.LIBCMT ref: 028AF4C7
                                                    • Part of subcall function 028AF4B0: __NMSG_WRITE.LIBCMT ref: 028AF4CE
                                                  • _malloc.LIBCMT ref: 028A37AB
                                                    • Part of subcall function 028A3FD3: _malloc.LIBCMT ref: 028A3FD6
                                                  • _free.LIBCMT ref: 028A3826
                                                  • _free.LIBCMT ref: 028A3830
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _malloc$_free$_memset
                                                  • String ID:
                                                  • API String ID: 1226919063-0
                                                  • Opcode ID: 9561a86e9eb260eafd43ac2edc27dd9616e09f4d4e159b44721421beba588d87
                                                  • Instruction ID: fb8c375a09e1f86ae1ffe8a09c375a30f94e91dd6dded99f2b062d92011a4395
                                                  • Opcode Fuzzy Hash: 9561a86e9eb260eafd43ac2edc27dd9616e09f4d4e159b44721421beba588d87
                                                  • Instruction Fuzzy Hash: 3B515E7D900219EFEB21DF68C890B6ABBF5FF08314F2485A9E818DB251DB31D951CB91
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$_malloc_memset
                                                  • String ID:
                                                  • API String ID: 2102557794-0
                                                  • Opcode ID: 146a9261c69acf0e95863407d82ff8f276f58b9af146983b66c6edff506bee47
                                                  • Instruction ID: c59750a7907b108fdc81f4c316dd27643e0cefc39725f141a0ae98b5baba6755
                                                  • Opcode Fuzzy Hash: 146a9261c69acf0e95863407d82ff8f276f58b9af146983b66c6edff506bee47
                                                  • Instruction Fuzzy Hash: 3741B2BDA00609EFDF209F94DC808AE7B7AEF44314F1444B9F909D6611DB329958DF92
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B5ACB8
                                                  • GetThreadContext.KERNEL32(00000000,00010007), ref: 02B5ACD2
                                                  • GetLastError.KERNEL32 ref: 02B5ACDC
                                                  • htonl.WS2_32(?), ref: 02B5AD61
                                                  • SetThreadContext.KERNEL32(00000000,?), ref: 02B5ADA3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ContextThread$ErrorLast_memsethtonl
                                                  • String ID:
                                                  • API String ID: 1542984330-0
                                                  • Opcode ID: 2fc8e4a7f61dcfd085cefababe0995ed9117f6840dc1b76fcc16419b362c9d81
                                                  • Instruction ID: ffd09ce429570087bd6ac35e4ef5fea928ca0142a964949a3e6d7d24860fd034
                                                  • Opcode Fuzzy Hash: 2fc8e4a7f61dcfd085cefababe0995ed9117f6840dc1b76fcc16419b362c9d81
                                                  • Instruction Fuzzy Hash: DA418D72D0011AAFDB10DBA8DC49FEE7BBDFF08285F0404A5EA09E7141E77199548B90
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _wcschr$__aulldiv__snprintf_s_calloc_wcsstr
                                                  • String ID:
                                                  • API String ID: 572502409-0
                                                  • Opcode ID: 5f96237a9c986790abf1ab0894fd48c58cfc17c9fc48e1514625d2b06c98efd6
                                                  • Instruction ID: e86416410dd6e907aa841e5516365a61064478f9d9cca3950ae82659e4f832e5
                                                  • Opcode Fuzzy Hash: 5f96237a9c986790abf1ab0894fd48c58cfc17c9fc48e1514625d2b06c98efd6
                                                  • Instruction Fuzzy Hash: EE41C1BD900205BBFB22AF68DC51FADB7A9EF18350F100165FA18E6180EB71A550DB95
                                                  APIs
                                                  • GetCurrentProcess.KERNEL32 ref: 02B578AC
                                                  • LoadLibraryA.KERNEL32(?), ref: 02B578EF
                                                  • GetLastError.KERNEL32 ref: 02B578FC
                                                    • Part of subcall function 02B57C26: _strlen.LIBCMT ref: 02B57C3F
                                                    • Part of subcall function 02B57C26: _malloc.LIBCMT ref: 02B57C4B
                                                    • Part of subcall function 02B57CAA: _strlen.LIBCMT ref: 02B57CC4
                                                    • Part of subcall function 02B57CAA: _malloc.LIBCMT ref: 02B57CD0
                                                  • FreeLibrary.KERNEL32(?), ref: 02B57942
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Library_malloc_strlen$CurrentErrorFreeLastLoadProcess
                                                  • String ID:
                                                  • API String ID: 1737148570-0
                                                  • Opcode ID: 573669838dc9c303cb6ba0d44168f7936d7d459da6fb18292a2e83da76d2747f
                                                  • Instruction ID: 8ce3d8c81442e485746c6aba441ed20127e946530272109a9237cafb6fab823d
                                                  • Opcode Fuzzy Hash: 573669838dc9c303cb6ba0d44168f7936d7d459da6fb18292a2e83da76d2747f
                                                  • Instruction Fuzzy Hash: 0331A875E40225BFDB009FA8D849BAEBBB9FF49345F0404D8ED05A7201DB719911DBB1
                                                  APIs
                                                  • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02B5BAA7
                                                  • _calloc.LIBCMT ref: 02B5BAC4
                                                    • Part of subcall function 02B79BDA: __calloc_impl.LIBCMT ref: 02B79BED
                                                  • RegEnumValueW.ADVAPI32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 02B5BB28
                                                  • _free.LIBCMT ref: 02B5BB40
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: EnumInfoQueryValue__calloc_impl_calloc_free
                                                  • String ID:
                                                  • API String ID: 3985434401-0
                                                  • Opcode ID: b3e5321d5b58cd64630385b7e964d377c92ac507fdedd603e880079551d75830
                                                  • Instruction ID: b6e3080af4b1b836d52c8642d61cd7c27c2b26d33c245c630124f3c727f6cd41
                                                  • Opcode Fuzzy Hash: b3e5321d5b58cd64630385b7e964d377c92ac507fdedd603e880079551d75830
                                                  • Instruction Fuzzy Hash: 7531C2B6D10629BFDB159FA8DC85EBFB7ADEB04754F0001A9FC15AB244E7B05D008BA0
                                                  APIs
                                                  • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 02B5B9C5
                                                  • _calloc.LIBCMT ref: 02B5B9DB
                                                    • Part of subcall function 02B79BDA: __calloc_impl.LIBCMT ref: 02B79BED
                                                  • RegEnumKeyW.ADVAPI32(?,00000000,00000000,?), ref: 02B5BA2D
                                                  • _free.LIBCMT ref: 02B5BA47
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: EnumInfoQuery__calloc_impl_calloc_free
                                                  • String ID:
                                                  • API String ID: 705483624-0
                                                  • Opcode ID: aa8606fbd5de12e356913bdf66406c9fdf58fad585f19d001890441ef22aa2e1
                                                  • Instruction ID: 67823b29374c11e8fe5e3d23e074e5ad90101bce90942e6165313335e58572f0
                                                  • Opcode Fuzzy Hash: aa8606fbd5de12e356913bdf66406c9fdf58fad585f19d001890441ef22aa2e1
                                                  • Instruction Fuzzy Hash: 7F21B476900219FBCB119FA9DC89EAF7F7AEF853A0F1004A9FD189B140DB718911CB50
                                                  APIs
                                                  • _malloc.LIBCMT ref: 02B580B6
                                                    • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
                                                    • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
                                                    • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
                                                  • ReadProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 02B580D2
                                                  • GetLastError.KERNEL32 ref: 02B580E2
                                                  • GetLastError.KERNEL32 ref: 02B580EB
                                                  • _free.LIBCMT ref: 02B58126
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$AllocateHeapMemoryProcessRead_free_malloc
                                                  • String ID:
                                                  • API String ID: 2014018624-0
                                                  • Opcode ID: ef3bf242780272085f96510d256742a87560afd2fb7dd0e41f487274ce8cc578
                                                  • Instruction ID: 4ccfead0c3967eedf53fad1d7975a53e20cc08a4f6282cb1fe3e5ddbf71e5757
                                                  • Opcode Fuzzy Hash: ef3bf242780272085f96510d256742a87560afd2fb7dd0e41f487274ce8cc578
                                                  • Instruction Fuzzy Hash: 6A219136D00224EFDB11AFA8DC45EAE7BBAFF49350F14049AED19AB201D7B15990CB94
                                                  APIs
                                                  • _memset.LIBCMT ref: 02B5A154
                                                  • _memset.LIBCMT ref: 02B5A16F
                                                  • _memset.LIBCMT ref: 02B5A18A
                                                  • OpenProcess.KERNEL32(00000400,00000000,00000000,?,?,?,00000000,00000000,?,02B5951A,00000000), ref: 02B5A195
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,00000000,00000000,?,02B5951A,00000000), ref: 02B5A1A0
                                                    • Part of subcall function 02B5A23E: _wmemset.LIBCMT ref: 02B5A268
                                                    • Part of subcall function 02B5A23E: OpenProcess.KERNEL32(00000410,00000000,?,?,00000000,00000000), ref: 02B5A279
                                                    • Part of subcall function 02B5A23E: LoadLibraryA.KERNEL32(psapi), ref: 02B5A28E
                                                    • Part of subcall function 02B5A23E: GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 02B5A2AC
                                                    • Part of subcall function 02B5A23E: FreeLibrary.KERNEL32(?), ref: 02B5A471
                                                    • Part of subcall function 02B5A23E: FreeLibrary.KERNEL32(?), ref: 02B5A47C
                                                    • Part of subcall function 02B5A23E: CloseHandle.KERNEL32(00000000), ref: 02B5A483
                                                    • Part of subcall function 02B5A23E: _wmemset.LIBCMT ref: 02B5A496
                                                    • Part of subcall function 02B5A4A7: _memset.LIBCMT ref: 02B5A4DA
                                                    • Part of subcall function 02B5A4A7: _memset.LIBCMT ref: 02B5A4F1
                                                    • Part of subcall function 02B5A4A7: _wmemset.LIBCMT ref: 02B5A513
                                                    • Part of subcall function 02B5A4A7: OpenProcess.KERNEL32(00000400,00000000,?,?,?,00000000,?,?,?,?,?,00000000), ref: 02B5A524
                                                    • Part of subcall function 02B5A4A7: OpenProcessToken.ADVAPI32(00000000,00000008,?,?,?,00000000,?,?,?,?,?,00000000), ref: 02B5A53B
                                                    • Part of subcall function 02B5A4A7: GetTokenInformation.ADVAPI32(?,00000001(TokenUser),00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000), ref: 02B5A554
                                                    • Part of subcall function 02B5A4A7: _malloc.LIBCMT ref: 02B5A55D
                                                    • Part of subcall function 02B5A4A7: GetTokenInformation.ADVAPI32(?,00000001(TokenUser),00000000,?,?,?,?,00000000,?,?,?,?,?,00000000), ref: 02B5A577
                                                    • Part of subcall function 02B5A4A7: LookupAccountSidW.ADVAPI32(00000000,?,?,?,?,?,?), ref: 02B5A5AC
                                                    • Part of subcall function 02B59C8B: LoadLibraryA.KERNEL32(kernel32.dll,00000006,00000006,00000000,00000000,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?), ref: 02B59CB3
                                                    • Part of subcall function 02B59C8B: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02B59CC5
                                                    • Part of subcall function 02B59C8B: OpenProcess.KERNEL32(00000400,00000000,?,?,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?,02B57723), ref: 02B59CDE
                                                    • Part of subcall function 02B59C8B: OpenProcess.KERNEL32(00001000,00000000,?,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?,02B57723), ref: 02B59CF3
                                                    • Part of subcall function 02B59C8B: CloseHandle.KERNEL32(00000000,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?,02B57723,?,02B57723,?), ref: 02B59D20
                                                    • Part of subcall function 02B59C8B: FreeLibrary.KERNEL32(00000000,?,02B59C23,?,00000006,00000006,00000000,?,02B5776F,00000000,?,?,02B57723,?,02B57723,?), ref: 02B59D28
                                                    • Part of subcall function 02B59A9F: _memset.LIBCMT ref: 02B59AB2
                                                    • Part of subcall function 02B59A9F: htonl.WS2_32(?), ref: 02B59ADD
                                                    • Part of subcall function 02B59A9F: _strlen.LIBCMT ref: 02B59B19
                                                    • Part of subcall function 02B59A9F: _strlen.LIBCMT ref: 02B59B4F
                                                    • Part of subcall function 02B59A9F: _strlen.LIBCMT ref: 02B59B83
                                                    • Part of subcall function 02B59A9F: htonl.WS2_32(?), ref: 02B59BA1
                                                    • Part of subcall function 02B59A9F: htonl.WS2_32(?), ref: 02B59BBC
                                                    • Part of subcall function 02B59A9F: htonl.WS2_32(?), ref: 02B59BD4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: OpenProcess_memset$Library$htonl$CloseFreeHandleToken_strlen_wmemset$AddressInformationLoadProc$AccountLookup_malloc
                                                  • String ID:
                                                  • API String ID: 2630607148-0
                                                  • Opcode ID: a8a7ec8802ab9c5a131987befb4f1232826396a1a8b2a16ae85c844673a75b8f
                                                  • Instruction ID: a7f34da5250af9dedcd78218233acb15bcaf33188e9b65e41382c76d72ecd1c7
                                                  • Opcode Fuzzy Hash: a8a7ec8802ab9c5a131987befb4f1232826396a1a8b2a16ae85c844673a75b8f
                                                  • Instruction Fuzzy Hash: E9217276D4416D7AD762AAA58C44FFB76BDFF49780F0045F6B90CE6010EA349A848FB0
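The API lists in this listing are the raw material of static triage: the GetThreadContext/SetThreadContext pair, the ReadProcessMemory call and the OpenProcess/OpenProcessToken/GetTokenInformation/LookupAccountSidW chain above are the kind of clusters a reviewer scans for. As an added example (not Joe Sandbox's or Metasploit's code), the following Python parses these "APIs" blocks, tolerates the value(EnumName) annotations the report adds inside argument lists, decodes the OpenProcess access masks, GetThreadContext flags and token information class seen here from their winnt.h values, and flags behaviour clusters. The sample text holds abridged copies of three blocks from this listing; the rule names and the choice of clusters are the example's own.

```python
import re
from typing import Dict, List

# Parser and triage rules for Joe Sandbox "APIs" blocks. Added example, not
# Joe Sandbox or Metasploit code. SAMPLE is an abridged copy of three blocks
# from the listing (thread-context, ReadProcessMemory, OpenProcess/token);
# as in the report, an "APIs" line starts a new function.
SAMPLE = """\
APIs
• _memset.LIBCMT ref: 02B5ACB8
• GetThreadContext.KERNEL32(00000000,00010007), ref: 02B5ACD2
• GetLastError.KERNEL32 ref: 02B5ACDC
• SetThreadContext.KERNEL32(00000000,?), ref: 02B5ADA3
APIs
• _malloc.LIBCMT ref: 02B580B6
• ReadProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 02B580D2
• _free.LIBCMT ref: 02B58126
APIs
• OpenProcess.KERNEL32(00000400,00000000,00000000,?), ref: 02B5A195
  • Part of subcall function 02B5A23E: OpenProcess.KERNEL32(00000410,00000000,?,?), ref: 02B5A279
  • Part of subcall function 02B5A23E: LoadLibraryA.KERNEL32(psapi), ref: 02B5A28E
  • Part of subcall function 02B5A23E: GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 02B5A2AC
  • Part of subcall function 02B5A4A7: OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 02B5A53B
  • Part of subcall function 02B5A4A7: GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?), ref: 02B5A554
  • Part of subcall function 02B5A4A7: LookupAccountSidW.ADVAPI32(00000000,?,?,?,?,?,?), ref: 02B5A5AC
"""

LINE_HEAD = re.compile(r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
                       r"(?P<name>\w+)\.(?P<mod>\w+)(?P<rest>.*)$")
REF = re.compile(r"ref:\s*(?P<ref>[0-9A-F]+)")

# Flag tables from winnt.h. CONTEXT_FULL on x86 is 0x10007 (CONTEXT_i386 | CONTROL | INTEGER | SEGMENTS).
PROCESS_ACCESS = {0x1: "PROCESS_TERMINATE", 0x2: "PROCESS_CREATE_THREAD", 0x8: "PROCESS_VM_OPERATION",
                  0x10: "PROCESS_VM_READ", 0x20: "PROCESS_VM_WRITE", 0x400: "PROCESS_QUERY_INFORMATION",
                  0x1000: "PROCESS_QUERY_LIMITED_INFORMATION"}
CONTEXT_FLAGS = {0x1: "CONTEXT_CONTROL", 0x2: "CONTEXT_INTEGER", 0x4: "CONTEXT_SEGMENTS",
                 0x8: "CONTEXT_FLOATING_POINT", 0x10: "CONTEXT_DEBUG_REGISTERS"}
TOKEN_CLASS = {1: "TokenUser", 25: "TokenIntegrityLevel"}  # TOKEN_INFORMATION_CLASS values

# Behaviour clusters (names chosen for this example): a function hits a rule
# when it, or a subcall the report folds into it, calls every API in the set.
RULES = {
    "thread-context-rewrite": {"GetThreadContext", "SetThreadContext"},
    "remote-memory-read": {"ReadProcessMemory"},
    "process-owner-enum": {"OpenProcessToken", "GetTokenInformation", "LookupAccountSidW"},
    "dynamic-import": {"LoadLibraryA", "GetProcAddress"},
}


def split_args(rest: str) -> List[str]:
    """Argument list of '(a,b(c),d), ref: X'. The 'value(EnumName)' annotations
    nest parentheses, so the scan tracks depth instead of using a regex."""
    rest = rest.lstrip()
    if not rest.startswith("("):
        return []
    depth, buf, args = 0, "", []
    for ch in rest[1:]:
        if ch == ")" and depth == 0:
            return args + [buf]
        if ch == "," and depth == 0:
            args.append(buf)
            buf = ""
            continue
        depth += (ch == "(") - (ch == ")")
        buf += ch
    return args + [buf]  # unterminated list: keep what was parsed


def parse_listing(text: str) -> List[List[dict]]:
    """Split the listing into functions (one per 'APIs' header) of call records."""
    funcs: List[List[dict]] = []
    for line in text.splitlines():
        if line.strip() == "APIs":
            funcs.append([])
            continue
        m = LINE_HEAD.match(line)
        if not m or not funcs:
            continue
        r = REF.search(m["rest"])
        funcs[-1].append({"name": m["name"], "module": m["mod"], "args": split_args(m["rest"]),
                          "ref": r["ref"] if r else None, "subcall": m["sub"]})
    return funcs


def decode_mask(value: str, table: Dict[int, str]) -> List[str]:
    """Expand a hex mask into flag names; unresolved '?' arguments give []."""
    try:
        mask = int(value, 16)
    except ValueError:
        return []
    return [name for bit, name in sorted(table.items()) if mask & bit]


def token_class(value: str) -> str:
    m = re.match(r"[0-9A-F]+", value)  # ignore any '(EnumName)' annotation
    return TOKEN_CLASS.get(int(m.group(), 16), "unknown") if m else "unknown"


def _arg(call: dict, n: int) -> str:
    return call["args"][n] if len(call["args"]) > n else "?"


def triage(funcs: List[List[dict]]) -> List[dict]:
    """Per function: rule hits plus decoded OpenProcess, context and token arguments."""
    report = []
    for i, calls in enumerate(funcs):
        names = {c["name"] for c in calls}
        report.append({
            "function": i,
            "rules": [rule for rule, need in RULES.items() if need <= names],
            "open_process": [decode_mask(_arg(c, 0), PROCESS_ACCESS) for c in calls if c["name"] == "OpenProcess"],
            "context_flags": [decode_mask(_arg(c, 1), CONTEXT_FLAGS) for c in calls if c["name"] == "GetThreadContext"],
            "token_classes": [token_class(_arg(c, 1)) for c in calls if c["name"] == "GetTokenInformation"],
        })
    return report


if __name__ == "__main__":
    for e in triage(parse_listing(SAMPLE)):
        print(f"function {e['function']}: {', '.join(e['rules']) or 'no rule hit'}",
              {k: e[k] for k in ("open_process", "context_flags", "token_classes") if e[k]})
```

Two things the decoding makes visible. The GetTokenInformation class argument is 1, which in TOKEN_INFORMATION_CLASS is TokenUser (TokenIntegrityLevel is 25), and a TokenUser query followed by LookupAccountSidW is exactly how a process lister resolves the owning account, so the listing's annotation should be read with that in mind. The OpenProcess masks differ between the direct call (0x400, PROCESS_QUERY_INFORMATION) and the subcall (0x410, which adds PROCESS_VM_READ, the right needed for GetModuleFileNameExW). Presence-based rules like these are a triage aid, not a verdict: a function that only calls _memset and _malloc hits nothing, and a benign debugger uses GetThreadContext and SetThreadContext too.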
                                                  APIs
                                                  • WSAStartup.WS2_32(00000202,?), ref: 02B52320
                                                  • _memset.LIBCMT ref: 02B52337
                                                    • Part of subcall function 02B5242F: WSASetLastError.WS2_32(00000000,?,02B52367,?,00000000,?,?,?,00000000), ref: 02B52458
                                                  • _memmove.LIBCMT ref: 02B52390
                                                  • _memmove.LIBCMT ref: 02B523B2
                                                  • WSACleanup.WS2_32 ref: 02B523C4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _memmove$CleanupErrorLastStartup_memset
                                                  • String ID:
                                                  • API String ID: 3280440223-0
                                                  • Opcode ID: 82b5f953dc1377a64d90ce06b84754e459f4140d9998720a544d62dbda080e88
                                                  • Instruction ID: 1a4a70362629af4800221d40e61e382ba2172723a298ad6f775fcd906effc71c
                                                  • Opcode Fuzzy Hash: 82b5f953dc1377a64d90ce06b84754e459f4140d9998720a544d62dbda080e88
                                                  • Instruction Fuzzy Hash: 11215E71900218AFDB10DF98DC85FEEBBB9EF05314F0480A5FE04AB241D771AA59CBA0
                                                  APIs
                                                    • Part of subcall function 02B53DC3: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00008000,02B53F86,?), ref: 02B53DF3
                                                    • Part of subcall function 02B53DC3: _free.LIBCMT ref: 02B53DFE
                                                  • _memset.LIBCMT ref: 02B53E89
                                                  • GetLastError.KERNEL32 ref: 02B53EB4
                                                  • _free.LIBCMT ref: 02B53EC2
                                                  • _free.LIBCMT ref: 02B53ECA
                                                  • _free.LIBCMT ref: 02B53ED0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free$EnvironmentErrorExpandLastStrings_memset
                                                  • String ID:
                                                  • API String ID: 280312613-0
                                                  • Opcode ID: 0a0c7253d2e9962fe39faa9e52d0daaabb8409285129f4fff57b3e15e8a91476
                                                  • Instruction ID: 96fe83ff81029f38d0813aa9c5de5695748e9fae2a1fbc8c2cf2fe3ccffa1a0d
                                                  • Opcode Fuzzy Hash: 0a0c7253d2e9962fe39faa9e52d0daaabb8409285129f4fff57b3e15e8a91476
                                                  • Instruction Fuzzy Hash: BC21A535940219ABDB11AFA4DC41BAE37E5EF01BD0F0484EAFD189F240E7718950CBE5
                                                  APIs
                                                  • _malloc.LIBCMT ref: 06545ADD
                                                    • Part of subcall function 065458CC: __FF_MSGBANNER.LIBCMT ref: 065458E3
                                                    • Part of subcall function 065458CC: __NMSG_WRITE.LIBCMT ref: 065458EA
                                                    • Part of subcall function 065458CC: HeapAlloc.KERNEL32(00A40000,00000000,00000001,00000000,00000000,00000000,?,06549D21,?,?,?,00000000,?,0654C967,00000018,06559EB0), ref: 0654590F
                                                  • _free.LIBCMT ref: 06545AF0
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AllocHeap_free_malloc
                                                  • String ID:
                                                  • API String ID: 2734353464-0
                                                  • Opcode ID: 2f6df5541511f0833818a7bed23dfb49d0deed4428ed60684325d86e08451dd2
                                                  • Instruction ID: 095a3e6e223e83bffe3fcea499ad73145be8eb5f0aa09342e0fa408bec3559cc
                                                  • Opcode Fuzzy Hash: 2f6df5541511f0833818a7bed23dfb49d0deed4428ed60684325d86e08451dd2
                                                  • Instruction Fuzzy Hash: 6611E03280431BAFDBE23F74EC18B5E7BD9BF4526CB1045A5FAA69A150FB71C4409A90
                                                  APIs
                                                  • _malloc.LIBCMT ref: 028E0ADC
                                                    • Part of subcall function 028E00B0: __FF_MSGBANNER.LIBCMT ref: 028E00C7
                                                    • Part of subcall function 028E00B0: __NMSG_WRITE.LIBCMT ref: 028E00CE
                                                    • Part of subcall function 028E00B0: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,028E9533,?,?,?,00000000,?,028E98AE,00000018,028F5608), ref: 028E00F3
                                                  • _free.LIBCMT ref: 028E0AEF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeap_free_malloc
                                                  • String ID:
                                                  • API String ID: 1020059152-0
                                                  • Opcode ID: 16064fb06d2772f0278b3dff40494b3015239972dc48217a1abcfe4f3719f235
                                                  • Instruction ID: deeac84c9100a1714492de44da923ead29ec37e402c9b3db5f97b3f24b34ead4
                                                  • Opcode Fuzzy Hash: 16064fb06d2772f0278b3dff40494b3015239972dc48217a1abcfe4f3719f235
                                                  • Instruction Fuzzy Hash: A211E73D94521AEBCF206F78A804A5A3799BF4636CF108D25F90FFA180FFB08550CA91
                                                  APIs
                                                  • _malloc.LIBCMT ref: 02B79CF0
                                                    • Part of subcall function 02B79C52: __FF_MSGBANNER.LIBCMT ref: 02B79C69
                                                    • Part of subcall function 02B79C52: __NMSG_WRITE.LIBCMT ref: 02B79C70
                                                    • Part of subcall function 02B79C52: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,02B87D0E,?,?,?,00000000,?,02B87EE1,00000018,02B99648), ref: 02B79C95
                                                  • _free.LIBCMT ref: 02B79D03
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap_free_malloc
                                                  • String ID:
                                                  • API String ID: 1020059152-0
                                                  • Opcode ID: 48204a7191f32df496c69a0b89bf2f1d7e746bb4a1ec8858ecd1df4ffbbed125
                                                  • Instruction ID: 20f12db84e31326e63c9552572baa898c3571817d76daa28a8d69224df465058
                                                  • Opcode Fuzzy Hash: 48204a7191f32df496c69a0b89bf2f1d7e746bb4a1ec8858ecd1df4ffbbed125
                                                  • Instruction Fuzzy Hash: 9611C232844A16AFCF202F78A954B69379AEF013A0F2045E5ED39AB650EF35D4508B98
                                                  APIs
                                                  • send.WS2_32(?,?,?,00000000), ref: 02B566CD
                                                  • WSAGetLastError.WS2_32 ref: 02B566D8
                                                  • _memset.LIBCMT ref: 02B566F8
                                                  • select.WS2_32(00000000,00000000,?,00000000,?), ref: 02B5672B
                                                  • Sleep.KERNEL32(00000064), ref: 02B56737
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLastSleep_memsetselectsend
                                                  • String ID:
                                                  • API String ID: 2842201636-0
                                                  • Opcode ID: f0f2ce69001d3bc9743635f1ff21398a91ea16d0063ee606bf6bf01a7b81145e
                                                  • Instruction ID: bf14894c26efa8622d5d18b8ff617f8e9c145e074926813930e9a9c3f006cce7
                                                  • Opcode Fuzzy Hash: f0f2ce69001d3bc9743635f1ff21398a91ea16d0063ee606bf6bf01a7b81145e
                                                  • Instruction Fuzzy Hash: 9E118675900129AFDB119F69DC88FEAB7BCEB05365F4041A5FD19A7240D7714D608F90
                                                  APIs
                                                  • WriteProcessMemory.KERNEL32(000000FF,028D47B3,?,00000005,?,?,?,028D4914,?,00000000,?,028D47B3,?,?), ref: 028D4826
                                                  • VirtualQuery.KERNEL32(?,?,0000001C,?,?), ref: 028D4841
                                                  • VirtualProtect.KERNEL32(?,00000040,00000040,?,?,?), ref: 028D4859
                                                  • VirtualProtect.KERNEL32(?,?,?,?,?,?), ref: 028D4876
                                                  • FlushInstructionCache.KERNEL32(000000FF,?,?,?,?), ref: 028D4880
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Virtual$Protect$CacheFlushInstructionMemoryProcessQueryWrite
                                                  • String ID:
                                                  • API String ID: 834688674-0
                                                  • Opcode ID: 9064139421ba403f033776ab1953c6615d80a880ac6053874bc82724570e16cb
                                                  • Instruction ID: 9aa0acc6325a81bda75e60ac15724d3ac0b01c41bfd6f20f974e4eb2ce81abb6
                                                  • Opcode Fuzzy Hash: 9064139421ba403f033776ab1953c6615d80a880ac6053874bc82724570e16cb
                                                  • Instruction Fuzzy Hash: 8C11303690015AFBCF118FA9CD08CDEBFB9EF49320B044316F664B21D0D631A9209B71
                                                  APIs
                                                  • GetCurrentThread.KERNEL32 ref: 06542477
                                                  • OpenThreadToken.ADVAPI32(00000000), ref: 0654247E
                                                  • GetLastError.KERNEL32 ref: 06542488
                                                  • GetTokenInformation.ADVAPI32(00000000,00000009(TokenIntegrityLevel),?,00000004,?), ref: 0654249F
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ThreadToken$CurrentErrorInformationLastOpen
                                                  • String ID:
                                                  • API String ID: 1989924565-0
                                                  • Opcode ID: 84623708d7659c7293e16fafdaf9a021dd2d6ea61e1ad17a4132c3af976ec86c
                                                  • Instruction ID: 91b139b0579ce13ef1915937fe4c390a2108fefc0563a6765c1b2bb7ba6e9b70
                                                  • Opcode Fuzzy Hash: 84623708d7659c7293e16fafdaf9a021dd2d6ea61e1ad17a4132c3af976ec86c
                                                  • Instruction Fuzzy Hash: F1014C31910219FFDB10AA94DC0CBAD7BB9FF04349F1040A5F645D2190E7709A48EBA1
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _rand$__aulldiv__time64
                                                  • String ID:
                                                  • API String ID: 31558152-0
                                                  • Opcode ID: 899cdce02c3fbf9bb12613442a6671fee6294d77794b5b98c24d4df538d510c0
                                                  • Instruction ID: df197e1d4287f5841852c309fcd36a3056a70e275e10eb26a95d375a4cffedba
                                                  • Opcode Fuzzy Hash: 899cdce02c3fbf9bb12613442a6671fee6294d77794b5b98c24d4df538d510c0
                                                  • Instruction Fuzzy Hash: 4BF0523E10D3894CE237A36E54C1BE63AC78F53332F28844CE06893780C9A49099CD32
                                                  APIs
                                                  • __time64.LIBCMT ref: 028D54F6
                                                    • Part of subcall function 028E19D7: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,028D7D5E,00000000,?,00000000,000000FF,?,00000000,000000FF,028F5488,00000214,028D5B98,?), ref: 028E19E0
                                                    • Part of subcall function 028E19D7: __aulldiv.LIBCMT ref: 028E1A00
                                                  • _rand.LIBCMT ref: 028D550F
                                                  • _rand.LIBCMT ref: 028D5523
                                                  • _rand.LIBCMT ref: 028D5530
                                                  • _rand.LIBCMT ref: 028D553D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _rand$Time$FileSystem__aulldiv__time64
                                                  • String ID:
                                                  • API String ID: 2467205089-0
                                                  • Opcode ID: c116473ddee5a0eefd05309f425cc845962a4ae78a7c12446b6f83a35ecd9297
                                                  • Instruction ID: 91cbf9d1c84b64819781fc7351dfa0bc7150c7b89c54d6ead2f3a21a8795dc01
                                                  • Opcode Fuzzy Hash: c116473ddee5a0eefd05309f425cc845962a4ae78a7c12446b6f83a35ecd9297
                                                  • Instruction Fuzzy Hash: 1EF0593E24D34568DA21A25E6081F593BD78F53331F18590CE1AEA32C0C8E5B4988E72
                                                  APIs
                                                  • GetFileAttributesW.KERNEL32(00000000,00000000,?,02B536E2,00000000), ref: 02B53D89
                                                  • SetFileAttributesW.KERNEL32(00000000,00000000,?,02B536E2,00000000), ref: 02B53D9D
                                                  • DeleteFileW.KERNEL32(00000000,?,02B536E2,00000000), ref: 02B53DA4
                                                  • GetLastError.KERNEL32(00000000,?,02B536E2,00000000), ref: 02B53DAE
                                                  • _free.LIBCMT ref: 02B53DB7
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: File$Attributes$DeleteErrorLast_free
                                                  • String ID:
                                                  • API String ID: 2673507734-0
                                                  • Opcode ID: f17f360761247e96c23b9ab72c46d9ac9d25a3e306979039231aed4026a7a161
                                                  • Instruction ID: bc05bf983787059875ea1a7b046f56be6371e34107ebca2410f94c915414a409
                                                  • Opcode Fuzzy Hash: f17f360761247e96c23b9ab72c46d9ac9d25a3e306979039231aed4026a7a161
                                                  • Instruction Fuzzy Hash: 7BF027325405326B43111BBDAE0CAAF37AAEF876F130802A1FC1DD73D0CB20885289E4
                                                  APIs
                                                  • VirtualQuery.KERNEL32(?,?,0000001C,?,?,028D4A8E,?,00000000,?,?,00000000,?,?,?,?,028D4627), ref: 028D49BB
                                                  • VirtualProtect.KERNEL32(?,?,00000040,?,?,?,028D4A8E,?,00000000,?,?,00000000), ref: 028D49CD
                                                  • WriteProcessMemory.KERNEL32(000000FF,?,?,00000005,?,?,?,028D4A8E,?,00000000,?,?,00000000), ref: 028D49E1
                                                  • VirtualProtect.KERNEL32(?,?,?,00000000,?,?,028D4A8E,?,00000000,?,?,00000000), ref: 028D49F4
                                                  • FlushInstructionCache.KERNEL32(000000FF,?,?,?,?,028D4A8E,?,00000000,?,?,00000000,?,?,?,?,028D4627), ref: 028D4A02
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Virtual$Protect$CacheFlushInstructionMemoryProcessQueryWrite
                                                  • String ID:
                                                  • API String ID: 834688674-0
                                                  • Opcode ID: 8cb6ccd1ed5d9abf2403c0f29bbb547eec25c18e844ebe7aa3baa62e3656eced
                                                  • Instruction ID: 3b8d9ca058fd27d4f6c4ab53da816df2cacab5df349278021ef4a6d128618182
                                                  • Opcode Fuzzy Hash: 8cb6ccd1ed5d9abf2403c0f29bbb547eec25c18e844ebe7aa3baa62e3656eced
                                                  • Instruction Fuzzy Hash: 19F0547684014EFBDF419FD0DD09DEEBBB9EB08311F100650FB25A10A0E6329AA59B61
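The two WriteProcessMemory/VirtualProtect/FlushInstructionCache entries above, together with the earlier send/select/Sleep and OpenThreadToken/GetTokenInformation entries in this list, are easier to triage mechanically than by eye. The script below is an added example for this page, not part of the Joe Sandbox report or of the Metasploit code base: it parses the report's per-function API lines into (api, module, args, ref) tuples and flags three call combinations. The sample input is copied from this report's own API lists; the rule names, and the reading of the 000000FF handle value as the current-process pseudo-handle (push -1 rendered as an 8-bit immediate), are this example's assumptions.

```python
"""Triage rules for the per-function 'APIs' lists of a Joe Sandbox report. Added
example for this page, not Joe Sandbox code: API lines become (api, module, args,
ref) tuples and the rules flag call combinations a reviewer checks by eye."""
import re
from typing import Dict, List, Optional

API_LINE = re.compile(
    r"•\s+(?:Part of subcall function [0-9A-F]+:\s+)?"
    r"(?P<api>[A-Za-z0-9_]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*?)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)
PAGE_EXECUTE_READWRITE = 0x40  # flNewProtect value in the VirtualProtect calls above
TOKEN_INTEGRITY_LEVEL = 9      # TOKEN_INFORMATION_CLASS passed to GetTokenInformation
# Assumption of this example: the report prints 'push -1' (GetCurrentProcess()) as 000000FF.
CURRENT_PROCESS_HANDLES = (0xFF, 0xFFFFFFFF)

def parse_args(raw: Optional[str]) -> List[Optional[int]]:
    # '000000FF,028D47B3,?,00000005' -> [0xFF, 0x28D47B3, None, 5]; '?' means unknown
    if raw is None:
        return []
    return [int(m.group(1), 16) if (m := re.match(r"\s*([0-9A-Fa-f]{8})", t)) else None
            for t in raw.split(",")]

def parse_entry(text: str) -> List[tuple]:
    """Collect direct and 'Part of subcall' API lines of one function entry."""
    calls = []
    for line in text.splitlines():
        if m := API_LINE.search(line):
            calls.append((m["api"], m["module"], parse_args(m["args"]), int(m["ref"], 16)))
    return calls

def arg(call: tuple, i: int) -> Optional[int]:
    return call[2][i] if i < len(call[2]) else None

def triage(text: str) -> Dict[str, str]:
    """Return {rule_name: evidence} for one function's API list."""
    calls = parse_entry(text)
    names = {c[0] for c in calls}
    findings: Dict[str, str] = {}
    # 1. Code patching: VirtualProtect to PAGE_EXECUTE_READWRITE, WriteProcessMemory and
    #    FlushInstructionCache in one function. 5 bytes is the size of an E9 rel32 JMP stub.
    if {"VirtualProtect", "WriteProcessMemory", "FlushInstructionCache"} <= names:
        rwx = any(c[0] == "VirtualProtect" and arg(c, 2) == PAGE_EXECUTE_READWRITE for c in calls)
        wpm = next(c for c in calls if c[0] == "WriteProcessMemory")
        handle, size = arg(wpm, 0), arg(wpm, 3)
        target = "self" if handle in CURRENT_PROCESS_HANDLES else f"handle={handle}"
        if rwx:
            findings["inline_code_patch"] = f"{size}-byte write, target={target}, PAGE_EXECUTE_READWRITE"
    # 2. Non-blocking send retried through select/Sleep until the socket is writable again.
    if {"send", "select", "Sleep"} <= names:
        ms = next((arg(c, 0) for c in calls if c[0] == "Sleep"), None)
        findings["socket_send_retry_loop"] = f"send/select/Sleep({ms} ms)"
    # 3. Reads the calling thread's integrity level (input to an elevation decision).
    if "OpenThreadToken" in names and any(
        c[0] == "GetTokenInformation" and arg(c, 1) == TOKEN_INTEGRITY_LEVEL for c in calls
    ):
        findings["integrity_level_query"] = "GetTokenInformation(TokenIntegrityLevel) on thread token"
    return findings

def scan_report(report: str) -> List[Dict[str, str]]:
    """Split on the 'APIs' header lines and triage each function entry in order."""
    entries: List[List[str]] = []
    current: Optional[List[str]] = None
    for line in report.splitlines():
        if line.strip() == "APIs":
            if current is not None:
                entries.append(current)
            current = []
        elif current is not None:
            current.append(line)
    if current is not None:
        entries.append(current)
    return [triage("\n".join(e)) for e in entries]

# Constructed input: four entries copied from this report's own API lists.
SAMPLE_REPORT = """\
APIs
• send.WS2_32(?,?,?,00000000), ref: 02B566CD
• WSAGetLastError.WS2_32 ref: 02B566D8
• select.WS2_32(00000000,00000000,?,00000000,?), ref: 02B5672B
• Sleep.KERNEL32(00000064), ref: 02B56737
APIs
• WriteProcessMemory.KERNEL32(000000FF,028D47B3,?,00000005,?,?,?,028D4914,?,00000000,?,028D47B3,?,?), ref: 028D4826
• VirtualQuery.KERNEL32(?,?,0000001C,?,?), ref: 028D4841
• VirtualProtect.KERNEL32(?,00000040,00000040,?,?,?), ref: 028D4859
• FlushInstructionCache.KERNEL32(000000FF,?,?,?,?), ref: 028D4880
APIs
• GetCurrentThread.KERNEL32 ref: 06542477
• OpenThreadToken.ADVAPI32(00000000), ref: 0654247E
• GetTokenInformation.ADVAPI32(00000000,00000009(TokenIntegrityLevel),?,00000004,?), ref: 0654249F
APIs
• _malloc.LIBCMT ref: 06545ADD
  • Part of subcall function 065458CC: HeapAlloc.KERNEL32(00A40000,00000000,00000001,00000000,00000000,00000000,?,06549D21,?,?,?,00000000,?,0654C967,00000018,06559EB0), ref: 0654590F
• _free.LIBCMT ref: 06545AF0
"""

if __name__ == "__main__":
    for n, found in enumerate(scan_report(SAMPLE_REPORT), 1):
        print(n, found or "no rule fired")
```

Rule 1 deliberately ignores call order: Joe Sandbox lists calls by address, and the two entries above show the write both before and after the protection change. A 5-byte write at PAGE_EXECUTE_READWRITE into the current process is the footprint of an E9 rel32 inline hook; a larger size or a foreign handle would point at injection instead, which is why the evidence string keeps both values. Feeding `scan_report()` the whole APIs section of a report rather than the constructed sample is the intended use.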
                                                  APIs
                                                  • SetLastError.KERNEL32(0000023E), ref: 02B5FE8B
                                                  • GetLastError.KERNEL32 ref: 02B5FE9A
                                                  • FormatMessageA.KERNEL32(00001B00,?,00000000,00000000,?,00000000,00000000), ref: 02B5FEB2
                                                  • _free.LIBCMT ref: 02B5FECB
                                                    • Part of subcall function 02B79C1A: RtlFreeHeap.NTDLL(00000000,00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?), ref: 02B79C2E
                                                    • Part of subcall function 02B79C1A: GetLastError.KERNEL32(00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?,?), ref: 02B79C40
                                                  • SetLastError.KERNEL32(00000057,02B99210,0000002C,02B5EDD0,?,?), ref: 02B5FED2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$FormatFreeHeapMessage_free
                                                  • String ID:
                                                  • API String ID: 843191334-0
                                                  • Opcode ID: e4155d7fc2308a612a5f514a48cdca1151cc6a83c73307ed5c2fc273eed15fc2
                                                  • Instruction ID: c71f45886e7d56a41420c3ede6c40cb82dae92d26e5964fe09357499acef2757
                                                  • Opcode Fuzzy Hash: e4155d7fc2308a612a5f514a48cdca1151cc6a83c73307ed5c2fc273eed15fc2
                                                  • Instruction Fuzzy Hash: B0F06D74D40616BFDB049FA4D98A96DFB74FB05360B108644FC79A32D0D73059608E50
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free$Load
                                                  • String ID: W
                                                  • API String ID: 2065644320-655174618
                                                  • Opcode ID: 28ee6779a9ca48c3d928bcdfc7bc20147d7d2b9d41811514e48b461711db5c69
                                                  • Instruction ID: 474331c7be2bd8b6a5de11e4feb5fb142777ad91783e22dc7da7756dfe69fcc0
                                                  • Opcode Fuzzy Hash: 28ee6779a9ca48c3d928bcdfc7bc20147d7d2b9d41811514e48b461711db5c69
                                                  • Instruction Fuzzy Hash: 6E118E75900605FFCB105FA4DC49AAABBAAFF05395F044598FD19D7210D7B29D108B94
                                                  APIs
                                                  • __getstream.LIBCMT ref: 02B7B87F
                                                    • Part of subcall function 02B7FBA8: __getptd_noexit.LIBCMT ref: 02B7FBA8
                                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 02B7B8BA
                                                  • __wopenfile.LIBCMT ref: 02B7B8CA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: CallFilterFunc@8__getptd_noexit__getstream__wopenfile
                                                  • String ID: UC
                                                  • API String ID: 1820251861-3425185191
                                                  • Opcode ID: cd723fc314053231881c18fd0dff319c792d0563ddeb507408b8c241c92b7fec
                                                  • Instruction ID: 2a5fac42c8ef93af2fe7952374937415b4eb99b417f0f10916b5b826e1ccf213
                                                  • Opcode Fuzzy Hash: cd723fc314053231881c18fd0dff319c792d0563ddeb507408b8c241c92b7fec
                                                  • Instruction Fuzzy Hash: F111A071A04206ABDB10BFB58C4176E37A6AF45364B0445E9E829DB280EB34D941DFA1
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: DriveDrivesLogicalTypeswprintf
                                                  • String ID: %c:
                                                  • API String ID: 2130210953-1226554575
                                                  • Opcode ID: 91de800ae52681d33357dcef6e2ed45eac17caceb5403303e58aeb76d6df3f4a
                                                  • Instruction ID: 0cdd129f20d124d9506ca445363e168596b52746d6dc2d1e7803d4986996fe64
                                                  • Opcode Fuzzy Hash: 91de800ae52681d33357dcef6e2ed45eac17caceb5403303e58aeb76d6df3f4a
                                                  • Instruction Fuzzy Hash: 3E11C271E10219ABEB21DEA4CC44BEFB7B9FB44311F5089A6E914D7140E731A610CBA0
                                                  APIs
                                                    • Part of subcall function 028DA57D: WaitForSingleObject.KERNEL32(?,000000FF,?,028D4C1A,00000001,00000000,?,028D4BFE,00000000,00000000,028D6978,00000000,00000000,028D7DFF), ref: 028DA58B
                                                  • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 028D8327
                                                  • GetLastError.KERNEL32 ref: 028D8338
                                                  • Sleep.KERNEL32(?), ref: 028D8359
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ErrorLastNamedObjectPeekPipeSingleSleepWait
                                                  • String ID:
                                                  • API String ID: 52212926-3916222277
                                                  • Opcode ID: d48912fbed1a187e56402b3e431dbc26c2311761fb494f74d0a37bc5ea4eb537
                                                  • Instruction ID: 8f3c240044f7ca222c55be06018ce131f68888f47ee6041c02f820f2c56a8786
                                                  • Opcode Fuzzy Hash: d48912fbed1a187e56402b3e431dbc26c2311761fb494f74d0a37bc5ea4eb537
                                                  • Instruction Fuzzy Hash: AD014F3E900214EB8B285E9ADC48C5BFBB9EB8566171441A9E90CD7120C731DD95DAA1
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(kernel32,FreeLibrary,00000000,?,?,?,?,02B57950,00000000,?), ref: 02B57D53
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B57D5A
                                                    • Part of subcall function 02B5B04E: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,0000000D,00000000,00000009), ref: 02B5B0C1
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressErrorHandleLastModuleProc
                                                  • String ID: FreeLibrary$kernel32
                                                  • API String ID: 4275029093-3113479021
                                                  • Opcode ID: 049b7eaec0b1c74bf6111b3f8242e37691de8b1f80b451a7a8a12a2982744b95
                                                  • Instruction ID: f2f2ecaa4d767d423d939f3899b516812f3cc6303c5e74ac96059785e05aac9a
                                                  • Opcode Fuzzy Hash: 049b7eaec0b1c74bf6111b3f8242e37691de8b1f80b451a7a8a12a2982744b95
                                                  • Instruction Fuzzy Hash: BEF08232D90209BBDB00EF989C06EDF7B7CEF15641F0000A2FE09EB150D6B155509BD0
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,?,?,?,06541537,00000000,?), ref: 06541984
                                                  • GetProcAddress.KERNEL32(00000000,NtQueryInformationFile), ref: 06541999
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressHandleModuleProc
                                                  • String ID: NtQueryInformationFile$ntdll.dll
                                                  • API String ID: 1646373207-181822193
                                                  • Opcode ID: 1bbb138ff10a0a06952d761f11a400a5dd6f730116a58079cb3d3fd1915e9550
                                                  • Instruction ID: 680fc16e37a303431c386cc5732498d0ff8258e19dd5f86a24684124ea8a9ea1
                                                  • Opcode Fuzzy Hash: 1bbb138ff10a0a06952d761f11a400a5dd6f730116a58079cb3d3fd1915e9550
                                                  • Instruction Fuzzy Hash: 92E09B70A60308BBEB60AFA1CC1EF7D7B6CFB00729F004284F915940D0FBB196449661
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,?,?,?,0654174D,?,?), ref: 0654193F
                                                  • GetProcAddress.KERNEL32(00000000,NtSetInformationFile), ref: 06541954
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressHandleModuleProc
                                                  • String ID: NtSetInformationFile$ntdll.dll
                                                  • API String ID: 1646373207-3010545110
                                                  • Opcode ID: 26744e8782c4a5613b0f8305ae31990d8a27220a0cffdbc9bfd60d4787d5a867
                                                  • Instruction ID: d88366018faef09659f1484d75792ec9b1b388b8f5b20ae3a37483468e967fde
                                                  • Opcode Fuzzy Hash: 26744e8782c4a5613b0f8305ae31990d8a27220a0cffdbc9bfd60d4787d5a867
                                                  • Instruction Fuzzy Hash: EDE06570A60308BBEB60AF60CC0EF793B6CEB00779F004288F91594090EBB1954496A1
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(advapi32.dll,?,028D7B40,00000000,00000004,00000004,00000000,028D7C4D), ref: 028D7729
                                                  • GetProcAddress.KERNEL32(00000000,AddMandatoryAce), ref: 028D7739
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AddressLibraryLoadProc
                                                  • String ID: AddMandatoryAce$advapi32.dll
                                                  • API String ID: 2574300362-673174713
                                                  • Opcode ID: 073ed272172de60f232ffd4350abecf83211719cd617ae88300b2bc4db6c3494
                                                  • Instruction ID: 128c3dd177326f86be9c425597ef8f04bf1945a438553cebc8bd97c813cd16bd
                                                  • Opcode Fuzzy Hash: 073ed272172de60f232ffd4350abecf83211719cd617ae88300b2bc4db6c3494
                                                  • Instruction Fuzzy Hash: B2F0303DA80209EBEB559FA5DC88F553BA5BB48758F008C14FB0AD12A0DB71D074DB64
                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,IsWow64Process,?,?,02B5A779), ref: 02B5AE45
                                                  • GetProcAddress.KERNEL32(00000000), ref: 02B5AE4C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AddressHandleModuleProc
                                                  • String ID: IsWow64Process$kernel32.dll
                                                  • API String ID: 1646373207-3024904723
                                                  • Opcode ID: 5201b1980e35deeed63cfc69a64eda67a7ffbc0212ce08722e751c352e3f33dd
                                                  • Instruction ID: c3402518154f170d173eda4f8358990262e1a7f40c79ea12e628d160a3634786
                                                  • Opcode Fuzzy Hash: 5201b1980e35deeed63cfc69a64eda67a7ffbc0212ce08722e751c352e3f33dd
                                                  • Instruction Fuzzy Hash: E1F06C31DA011AFBEF01CFA8DD46F9977BCD714745F100594F805D7150E7759A50AB50
                                                  APIs
                                                  • LoadLibraryA.KERNEL32(kernel32.dll,028D7D58,?,00000000,000000FF,?,00000000,000000FF,028F5488,00000214,028D5B98,?,00000001,?,?), ref: 028DA79B
                                                  • GetProcAddress.KERNEL32(00000000,SetThreadErrorMode), ref: 028DA7A7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AddressLibraryLoadProc
                                                  • String ID: SetThreadErrorMode$kernel32.dll
                                                  • API String ID: 2574300362-2080226504
                                                  • Opcode ID: 40911055b4d0f48fee702b694e055abaf0843ff1356d641c87bf690b7b2964f0
                                                  • Instruction ID: 6c4c73af8a293fa5e123a59e9b2ed38b7a1193fe0d8a1d0e7078fa8990ce1383
                                                  • Opcode Fuzzy Hash: 40911055b4d0f48fee702b694e055abaf0843ff1356d641c87bf690b7b2964f0
                                                  • Instruction Fuzzy Hash: 92C04C7CBC1300A6FA9416E15C0EF5527546B94E42F145450B74AE61C4DB9581504665
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$_malloc_memset
                                                  • String ID:
                                                  • API String ID: 2102557794-0
                                                  • Opcode ID: c481eea892dee3bce29bb15762741528bf2679f3664e53bb8b39595764434b48
                                                  • Instruction ID: c3537fdba50b916d7181397286a2c52d8f479dfb9c0e21de418b0dc9388d60bf
                                                  • Opcode Fuzzy Hash: c481eea892dee3bce29bb15762741528bf2679f3664e53bb8b39595764434b48
                                                  • Instruction Fuzzy Hash: 4C41913D900209EFFF349EA4CCA09AE7B7AEF44214B144469FE09D6514DF3299A2CB91
                                                  APIs
                                                  • _calloc.LIBCMT ref: 028A5037
                                                    • Part of subcall function 028AFD11: __calloc_impl.LIBCMT ref: 028AFD24
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: __calloc_impl_calloc
                                                  • String ID:
                                                  • API String ID: 2108883976-0
                                                  • Opcode ID: 857d39be020944963ace4974fb8e9873344ad620ca27a451d20fd1af541f8110
                                                  • Instruction ID: fd656d72a6e55c53b424df722ff22bf008ea836b8372aa4290dc3fad63215849
                                                  • Opcode Fuzzy Hash: 857d39be020944963ace4974fb8e9873344ad620ca27a451d20fd1af541f8110
                                                  • Instruction Fuzzy Hash: 7341AA79900219EFEB11DF68CC85EAB7BA8FF08314F544169FC08D6251EB74D9A0CBA0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                  • String ID:
                                                  • API String ID: 2782032738-0
                                                  • Opcode ID: 3fa79d3859be868de6fe2c85e0f9b03fdaf327c1eda0ae9b4cfabf95088ee0a3
                                                  • Instruction ID: a807c97985fc37f73c0b99365bb1d2a7c5f6e1a106f15a9080668bd30e4992de
                                                  • Opcode Fuzzy Hash: 3fa79d3859be868de6fe2c85e0f9b03fdaf327c1eda0ae9b4cfabf95088ee0a3
                                                  • Instruction Fuzzy Hash: 8E41D67170470A9FDF189E69C8909AFB7A6EF40368F1485BDE925C7280EB70D940CF40
                                                  APIs
                                                  • SetLastError.KERNEL32(00000057), ref: 06541629
                                                  • GetLastError.KERNEL32(?,?), ref: 06541645
                                                  • _memset.LIBCMT ref: 065416DF
                                                  • SetLastError.KERNEL32(00000000), ref: 06541758
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$_memset
                                                  • String ID:
                                                  • API String ID: 536390146-0
                                                  • Opcode ID: 212fb912533da58263a959a1a5cf328a481a49fd3665c7e3dc90028a08e0b5e7
                                                  • Instruction ID: bc739f223149a7d79abf4435121ea0b78482697a530e33c0581587fd5f8d64d9
                                                  • Opcode Fuzzy Hash: 212fb912533da58263a959a1a5cf328a481a49fd3665c7e3dc90028a08e0b5e7
                                                  • Instruction Fuzzy Hash: 63411875C00219EFDF50EFE4D948AEEBBB9FF08314F1040AAE914AB610EB359A458B54
                                                  APIs
                                                  • _malloc.LIBCMT ref: 028A38A2
                                                    • Part of subcall function 028AF4B0: __FF_MSGBANNER.LIBCMT ref: 028AF4C7
                                                    • Part of subcall function 028AF4B0: __NMSG_WRITE.LIBCMT ref: 028AF4CE
                                                  • _free.LIBCMT ref: 028A3976
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free_malloc
                                                  • String ID:
                                                  • API String ID: 845055658-0
                                                  • Opcode ID: 2f03c932dbb13106ba84090b336d788dba5e931ee79d883b27616532289682d8
                                                  • Instruction ID: 0072d06de2ef9ee5f7267b70aeb70a515b2b05c7ee1bef679b721a0344822067
                                                  • Opcode Fuzzy Hash: 2f03c932dbb13106ba84090b336d788dba5e931ee79d883b27616532289682d8
                                                  • Instruction Fuzzy Hash: B63192BD900219AFEB00DF68CC50A9A7BA9FF08355B1541A6E908E7211EB31ED51CBD0
                                                  APIs
                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0654C6A0
                                                  • __isleadbyte_l.LIBCMT ref: 0654C6CE
                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,06547EED,00000001,00000000,00000000,?,00000000,00000000,?,?,06547EED,00000000), ref: 0654C6FC
                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,06547EED,00000001,00000000,00000000,?,00000000,00000000,?,?,06547EED,00000000), ref: 0654C732
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                   • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                  • String ID:
                                                  • API String ID: 3058430110-0
                                                  • Opcode ID: 0d8d9b9423f7920db18c2e594204b478ded7721fcf41c876b3ee259d51e25fb0
                                                  • Instruction ID: 632f4a45d304a97886ab4da116e1efc126becc1d5bb0f4e29b2ce51739bb82b6
                                                  • Opcode Fuzzy Hash: 0d8d9b9423f7920db18c2e594204b478ded7721fcf41c876b3ee259d51e25fb0
                                                  • Instruction Fuzzy Hash: C531F731A06246AFDB61AF39CC48BBA7FA5FF81318F1585A9E8658B190E730D450DF90
                                                  APIs
                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 028ED308
                                                  • __isleadbyte_l.LIBCMT ref: 028ED336
                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000), ref: 028ED364
                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,00000108,00000001,?,00000000), ref: 028ED39A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                  • String ID:
                                                  • API String ID: 3058430110-0
                                                  • Opcode ID: 2cc2a2d8e21a942f21f4dc5cce5f4fa07e6da4081ed3f896214e59a2a07ff31b
                                                  • Instruction ID: 0ae4b9f2c9b7ffa24c6c5ad817120dd4fca2f31e9c4f38cb707ada1009f7eb74
                                                  • Opcode Fuzzy Hash: 2cc2a2d8e21a942f21f4dc5cce5f4fa07e6da4081ed3f896214e59a2a07ff31b
                                                  • Instruction Fuzzy Hash: F231C43D604246EFDF218E75C844B6E7BAEFF42314F194519E81ADB190E731E894CB90
                                                  APIs
                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 02B8BA1B
                                                  • __isleadbyte_l.LIBCMT ref: 02B8BA49
                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,02B80337,00000001,00000000,00000000,?,00000000,00000000,?,?,02B80337,00000000), ref: 02B8BA77
                                                  • MultiByteToWideChar.KERNEL32(00000080,00000009,02B80337,00000001,00000000,00000000,?,00000000,00000000,?,?,02B80337,00000000), ref: 02B8BAAD
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                  • String ID:
                                                  • API String ID: 3058430110-0
                                                  • Opcode ID: 011dbbb1a04a4caa205de5bb6c6c25af5b503d95cf8754a15136254b7e6f7f6f
                                                  • Instruction ID: 072d883802cd136e53bd8b69414964f6b17c996090f471c9077512f556e9aa41
                                                  • Opcode Fuzzy Hash: 011dbbb1a04a4caa205de5bb6c6c25af5b503d95cf8754a15136254b7e6f7f6f
                                                  • Instruction Fuzzy Hash: DD319E3160028AEFDF21AF75C844BBA7BA5FF41318F1544A9E879C71A0EB31E851DB90
                                                  APIs
                                                  • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 02B59A0A
                                                  • ReadFile.KERNEL32(?,?,00003FFF,?,00000000), ref: 02B59A2D
                                                  • Sleep.KERNEL32(00000064), ref: 02B59A5C
                                                  • GetLastError.KERNEL32 ref: 02B59A64
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorFileLastNamedPeekPipeReadSleep
                                                  • String ID:
                                                  • API String ID: 3382443847-0
                                                  • Opcode ID: 7bfb71c674fe2a703ae0d301b0b2b479b247f71c94b3de94d1101fa758f68fbf
                                                  • Instruction ID: 7af6946754dc3d196483dbac24b7237fe2a363548393b9590e8fd50e8bd5afbd
                                                  • Opcode Fuzzy Hash: 7bfb71c674fe2a703ae0d301b0b2b479b247f71c94b3de94d1101fa758f68fbf
                                                  • Instruction Fuzzy Hash: 85218C7591012AFFDB219B59DC09EAB7BB9FF44750F0480A4FE199A010D7719A20DBF0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _memmove$_free_malloc
                                                  • String ID:
                                                  • API String ID: 2856543016-0
                                                  • Opcode ID: 3792cbfbe5d65fbfd7042a7086a9812cc0826866973f683f740a6226c85bff4e
                                                  • Instruction ID: ec8e0b2b09a8aee7de82777b2f98e8cf602737ebaad0d7b0bee3356824631044
                                                  • Opcode Fuzzy Hash: 3792cbfbe5d65fbfd7042a7086a9812cc0826866973f683f740a6226c85bff4e
                                                  • Instruction Fuzzy Hash: 2E2156BED00219ABDF20DF99CC54A9ABBB9FF54314B144459EE09E7301DB71AA21CB90
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _memcmp$_free
                                                  • String ID:
                                                  • API String ID: 446014804-0
                                                  • Opcode ID: 8aad87d1b734ed16f4d1ab9ef1a1233e27cca29c9bcddfbac8858ed2466a2a77
                                                  • Instruction ID: a87a01d139da6ed07dd0cde771ab9cb6896b191a5bfdd1c54aff82fbe8be3204
                                                  • Opcode Fuzzy Hash: 8aad87d1b734ed16f4d1ab9ef1a1233e27cca29c9bcddfbac8858ed2466a2a77
                                                  • Instruction Fuzzy Hash: C421A17D900706ABE7208F15E860B5AB3B5BF08324F540529E949DBA51EB34F9D0CFE1
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _memcmp$_free
                                                  • String ID:
                                                  • API String ID: 446014804-0
                                                  • Opcode ID: bbb80a8a5233bc52ca501a5834f0342d74ed7afe5a57ddd538333eb4f04733e0
                                                  • Instruction ID: 546d367777339bf903e1c95b1bca03415613193f81525ca6bfcaa86118b48b0b
                                                  • Opcode Fuzzy Hash: bbb80a8a5233bc52ca501a5834f0342d74ed7afe5a57ddd538333eb4f04733e0
                                                  • Instruction Fuzzy Hash: 31216D7D60071AABCB208F15F840B56B7BAAF18324B104529E909D7655F331F9E8CBE1
                                                  APIs
                                                  • WinHttpQueryHeaders.WINHTTP(?,20000013,00000000,?,?,00000000), ref: 028D9818
                                                  • WinHttpQueryOption.WINHTTP(?,0000004E,?,?), ref: 028D9866
                                                  • CertGetCertificateContextProperty.CRYPT32(?,00000003,?,?), ref: 028D9883
                                                  • _memcmp.LIBCMT ref: 028D9895
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: HttpQuery$CertCertificateContextHeadersOptionProperty_memcmp
                                                  • String ID:
                                                  • API String ID: 2937751893-0
                                                  • Opcode ID: 2472cff59d7cc8d5811834557c4d4925ccdb4e048b3e1f21f186100750d6bf7a
                                                  • Instruction ID: fcf91e12c93fb57a2b83e40e84d29859749f5cb6aec4d1cd7ca69c5da3a4fe3e
                                                  • Opcode Fuzzy Hash: 2472cff59d7cc8d5811834557c4d4925ccdb4e048b3e1f21f186100750d6bf7a
                                                  • Instruction Fuzzy Hash: 6921417D94010CEADB208E96DC84EEEBBBDEB84724F048166E909E6140D771DA54CB60
                                                  APIs
                                                  • GetAsyncKeyState.USER32(0000000A), ref: 02B5DD94
                                                  • _free.LIBCMT ref: 02B5DDA9
                                                  • _calloc.LIBCMT ref: 02B5DDB6
                                                  • CreateThread.KERNEL32(00000000,00000000,02B5E7A8,00000000,00000000,00000000), ref: 02B5DDCC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: AsyncCreateStateThread_calloc_free
                                                  • String ID:
                                                  • API String ID: 1766392302-0
                                                  • Opcode ID: 910ea20dd2eac7e71ab7ee1333afd6a958b5e87175b030c41ec68dd672791f22
                                                  • Instruction ID: e72c7f3b37225237f53f97b58cd43abc4e99299a6983e465c726343ad925937f
                                                  • Opcode Fuzzy Hash: 910ea20dd2eac7e71ab7ee1333afd6a958b5e87175b030c41ec68dd672791f22
                                                  • Instruction Fuzzy Hash: 5011C435AA1221AFD7506F79E88AF963FA9FB497D4F10456DF90C8B280D7718810CF90
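The three function entries above at 02B59A0A (PeekNamedPipe / ReadFile / Sleep), 028D9818 (WinHttpQueryOption with option 0x4E, CertGetCertificateContextProperty with property 3, then _memcmp) and 02B5DD94 (GetAsyncKeyState followed by CreateThread) are the kind of API groupings an analyst searches this listing for: option 0x4E is WINHTTP_OPTION_SERVER_CERT_CONTEXT and property 3 is CERT_SHA1_HASH_PROP_ID, so that block reads the TLS server certificate's SHA-1 and compares it against a value the sample already holds, which is certificate-hash pinning of the C2 endpoint; the pipe block is a polling reader; the USER32 block starts a keystroke-capture thread. The following Python is an added example, not Joe Sandbox or Metasploit code, that parses API lines in the exact shape this report prints them and tags each block with those behaviours. The sample blocks are copied from the lines on this page, the constant names come from the Windows SDK, and the tag names are this example's own.

```python
"""Tag Joe Sandbox "APIs" blocks with Meterpreter-style call patterns.

Added example (not Joe Sandbox or Metasploit code). SAMPLE_BLOCKS holds API
lines copied from this report; tag names are this script's own vocabulary.
"""
import re
from typing import Dict, List

# One "• Name.MODULE(args), ref: ADDR" line; callee APIs carry the report's
# "Part of subcall function XXXX:" prefix and are marked as subcalls.
API_LINE = re.compile(
    r"•\s*(?:Part of subcall function (?P<parent>[0-9A-F]+):\s*)?"
    r"(?P<name>[\w:~]+)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)"
)

# Windows SDK constants worth naming when they appear at these argument slots.
NAMED_ARGS = {
    ("WinHttpQueryOption", 1): {0x4E: "WINHTTP_OPTION_SERVER_CERT_CONTEXT"},
    ("CertGetCertificateContextProperty", 1): {0x3: "CERT_SHA1_HASH_PROP_ID"},
    ("WinHttpQueryHeaders", 1): {
        0x20000013: "WINHTTP_QUERY_STATUS_CODE|WINHTTP_QUERY_FLAG_NUMBER"},
    ("SetLastError", 0): {0x57: "ERROR_INVALID_PARAMETER"},
}


def parse_block(text: str) -> List[dict]:
    """Turn one APIs block into call records; '?' (unresolved) args become None."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.search(line)
        if not m:
            continue
        raw = (m.group("args") or "").strip()
        args = [None if a.strip() == "?" else int(a, 16)
                for a in raw.split(",")] if raw else []
        calls.append({"name": m.group("name"), "module": m.group("module"),
                      "args": args, "ref": m.group("ref"),
                      "subcall": m.group("parent") is not None})
    return calls


def describe(call: dict) -> str:
    """Render a call with known constants spelled out, e.g. for a triage note."""
    parts = []
    for i, a in enumerate(call["args"]):
        label = NAMED_ARGS.get((call["name"], i), {}).get(a)
        parts.append(label or ("?" if a is None else f"0x{a:X}"))
    return f'{call["name"]}({", ".join(parts)})'


def classify(calls: List[dict]) -> List[str]:
    """Name the behaviours the block's direct (non-subcall) API set matches."""
    direct = [c for c in calls if not c["subcall"]]
    names = {c["name"] for c in direct}

    def arg(name: str, idx: int):
        for c in direct:
            if c["name"] == name and len(c["args"]) > idx:
                return c["args"][idx]
        return None

    tags = []
    # Server cert context -> SHA-1 property -> memcmp: pin check on the C2 cert.
    if ({"WinHttpQueryOption", "CertGetCertificateContextProperty", "_memcmp"}
            <= names and arg("WinHttpQueryOption", 1) == 0x4E
            and arg("CertGetCertificateContextProperty", 1) == 0x3):
        tags.append("tls-server-cert-sha1-pinning")
    if {"GetAsyncKeyState", "CreateThread"} <= names:
        tags.append("keystroke-capture-thread")
    if {"PeekNamedPipe", "ReadFile", "Sleep"} <= names:
        tags.append("polling-pipe-reader")
    return tags


def triage(blocks: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each block (keyed by its first ref address) to its matched tags."""
    return {addr: classify(parse_block(text)) for addr, text in blocks.items()}


# API lines copied from this report's function entries (keys are first refs).
SAMPLE_BLOCKS = {
    "028D9818": """
• WinHttpQueryHeaders.WINHTTP(?,20000013,00000000,?,?,00000000), ref: 028D9818
• WinHttpQueryOption.WINHTTP(?,0000004E,?,?), ref: 028D9866
• CertGetCertificateContextProperty.CRYPT32(?,00000003,?,?), ref: 028D9883
• _memcmp.LIBCMT ref: 028D9895
""",
    "02B5DD94": """
• GetAsyncKeyState.USER32(0000000A), ref: 02B5DD94
• _free.LIBCMT ref: 02B5DDA9
• _calloc.LIBCMT ref: 02B5DDB6
• CreateThread.KERNEL32(00000000,00000000,02B5E7A8,00000000,00000000,00000000), ref: 02B5DDCC
""",
    "02B59A0A": """
• PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 02B59A0A
• ReadFile.KERNEL32(?,?,00003FFF,?,00000000), ref: 02B59A2D
• Sleep.KERNEL32(00000064), ref: 02B59A5C
• GetLastError.KERNEL32 ref: 02B59A64
""",
    "02B5FE9A": """
• GetLastError.KERNEL32 ref: 02B5FE9A
• FormatMessageA.KERNEL32(00001B00,?,00000000,00000000,?,00000000,00000000), ref: 02B5FEB2
• _free.LIBCMT ref: 02B5FECB
  • Part of subcall function 02B79C1A: RtlFreeHeap.NTDLL(00000000,00000000,?,02B81D2C), ref: 02B79C2E
• SetLastError.KERNEL32(00000057,02B99210,0000002C,02B5EDD0,?,?), ref: 02B5FED2
""",
}

if __name__ == "__main__":
    for addr, tags in triage(SAMPLE_BLOCKS).items():
        print(addr, tags or ["(no pattern)"])
```

Subcall lines are parsed but excluded from classification on purpose: RtlFreeHeap under _free is CRT plumbing, and counting it would make every block that frees memory look like it touches NTDLL directly. Run against the whole "APIs" listing by splitting the page at each "APIs" header and feeding each chunk to parse_block.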
                                                  APIs
                                                  • GetLastError.KERNEL32 ref: 02B5FE9A
                                                  • FormatMessageA.KERNEL32(00001B00,?,00000000,00000000,?,00000000,00000000), ref: 02B5FEB2
                                                  • _free.LIBCMT ref: 02B5FECB
                                                    • Part of subcall function 02B79C1A: RtlFreeHeap.NTDLL(00000000,00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?), ref: 02B79C2E
                                                    • Part of subcall function 02B79C1A: GetLastError.KERNEL32(00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?,?), ref: 02B79C40
                                                  • SetLastError.KERNEL32(00000057,02B99210,0000002C,02B5EDD0,?,?), ref: 02B5FED2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                   • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                   • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$FormatFreeHeapMessage_free
                                                  • String ID:
                                                  • API String ID: 843191334-0
                                                  • Opcode ID: 526dc5ab7ca29c4f8a73c7d1b0aa3cdb74a18493baf997c00b5d245ce59bc15e
                                                  • Instruction ID: c5edfdf728ca48088d0ed1fe65c2139e5492d5f7b9331c2dffabd3b16832b340
                                                  • Opcode Fuzzy Hash: 526dc5ab7ca29c4f8a73c7d1b0aa3cdb74a18493baf997c00b5d245ce59bc15e
                                                  • Instruction Fuzzy Hash: 04219D76800B15FFCB225FA4DA44D6AFBB6FF093103008A0DFAAA41920D732A460EF50
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                   • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _malloc$_free_memmove_memset
                                                  • String ID:
                                                  • API String ID: 3821639056-0
                                                  • Opcode ID: 84ad5239f470f045c774947c6461db272a0b07bd5ac11340428ecea2c56f9a58
                                                  • Instruction ID: 0639c608de83ffaa0830dadf11d445e09f0d9fb75afc25f2bfb6de424faf489c
                                                  • Opcode Fuzzy Hash: 84ad5239f470f045c774947c6461db272a0b07bd5ac11340428ecea2c56f9a58
                                                  • Instruction Fuzzy Hash: 2C11E57E5007069BF7309F49ECA0B6673E9FF50B59F28442DEAC9C6A40EB31A450CB61
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _malloc$_free_memmove_memset
                                                  • String ID:
                                                  • API String ID: 3821639056-0
                                                  • Opcode ID: 0bb6fbcf074736c2543c5451c6be4d32b4168f2f53d0822a74109f28d2964212
                                                  • Instruction ID: 355f716f32875b5877ad854e9d5d0e05ec19d55a8d00f011c7db9a8c4d83cf2e
                                                  • Opcode Fuzzy Hash: 0bb6fbcf074736c2543c5451c6be4d32b4168f2f53d0822a74109f28d2964212
                                                  • Instruction Fuzzy Hash: 4C11047E6003069BDB309F89EC81B26B3E9EF41358F28082DE58AD6650E770A454CF22
                                                  APIs
                                                  • GetLastError.KERNEL32 ref: 02B5FE9A
                                                  • FormatMessageA.KERNEL32(00001B00,?,00000000,00000000,?,00000000,00000000), ref: 02B5FEB2
                                                  • _free.LIBCMT ref: 02B5FECB
                                                    • Part of subcall function 02B79C1A: RtlFreeHeap.NTDLL(00000000,00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?), ref: 02B79C2E
                                                    • Part of subcall function 02B79C1A: GetLastError.KERNEL32(00000000,?,02B81D2C,00000000,?,?,?,00000000,?,02B87EE1,00000018,02B99648,00000008,02B87E2E,?,?), ref: 02B79C40
                                                  • SetLastError.KERNEL32(00000057,02B99210,0000002C,02B5EDD0,?,?), ref: 02B5FED2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$FormatFreeHeapMessage_free
                                                  • String ID:
                                                  • API String ID: 843191334-0
                                                  • Opcode ID: a0491169e5b1735df7ce5d686fa1ae95919b620e0ac42dbf6f019a622d11a316
                                                  • Instruction ID: c083fe73c9e11de341a92eb675139a8dd40415447ba313dc47c18055fbac6ebf
                                                  • Opcode Fuzzy Hash: a0491169e5b1735df7ce5d686fa1ae95919b620e0ac42dbf6f019a622d11a316
                                                  • Instruction Fuzzy Hash: A021A276400B15FFDB225FA5CE45D6AFBB6FF09340300890DF6AA41920D732A460EF50
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _memset$_free_strlen
                                                  • String ID:
                                                  • API String ID: 1936054734-0
                                                  • Opcode ID: adedfb64344e72f55a8665e4d0ecc519c6504fb68482bae55e7f14d736752197
                                                  • Instruction ID: 4581a6570dd3ae5defbd22ae23329f9c16735656c3561f2aab3f92ff0942a631
                                                  • Opcode Fuzzy Hash: adedfb64344e72f55a8665e4d0ecc519c6504fb68482bae55e7f14d736752197
                                                  • Instruction Fuzzy Hash: CF11C475A64244FFD740AF69DC86DBA3BAAFB89390F040499FD1D8B110C7B25C21CB50
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free_malloc_memset
                                                  • String ID:
                                                  • API String ID: 2338540524-0
                                                  • Opcode ID: f1caffe9f3ffdc776b6fa327cc2749ae1920a14dd8627768b5cf5d42b9870624
                                                  • Instruction ID: 4e94750a53956cb04fbee2b2730de3f95ccfe6eef3d6171e0a8ea8f353c5095f
                                                  • Opcode Fuzzy Hash: f1caffe9f3ffdc776b6fa327cc2749ae1920a14dd8627768b5cf5d42b9870624
                                                  • Instruction Fuzzy Hash: FA01D63D60AB25ABF720AF699C21F577BD5EF44760F108429E649CA640EF31D4028BE2
                                                  APIs
                                                  • _malloc.LIBCMT ref: 028A88F9
                                                    • Part of subcall function 028AF4B0: __FF_MSGBANNER.LIBCMT ref: 028AF4C7
                                                    • Part of subcall function 028AF4B0: __NMSG_WRITE.LIBCMT ref: 028AF4CE
                                                  • _malloc.LIBCMT ref: 028A8902
                                                  • _memset.LIBCMT ref: 028A891D
                                                  • _memset.LIBCMT ref: 028A8927
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _malloc_memset
                                                  • String ID:
                                                  • API String ID: 4137368368-0
                                                  • Opcode ID: 827d850480ab766bfea739654fc5707aec65d88d5fb5303200c501581b14e378
                                                  • Instruction ID: 37d4d47dcfa9dbd0cfd04aac5910655c6ad8733a1199957a4be859f494bb0b8d
                                                  • Opcode Fuzzy Hash: 827d850480ab766bfea739654fc5707aec65d88d5fb5303200c501581b14e378
                                                  • Instruction Fuzzy Hash: 291160B45017809BE760DF29C440B47BBE5FF44750F50892DE68A9FB81DBBAB0028F49
                                                  APIs
                                                  • _malloc.LIBCMT ref: 028D94F9
                                                    • Part of subcall function 028E00B0: __FF_MSGBANNER.LIBCMT ref: 028E00C7
                                                    • Part of subcall function 028E00B0: __NMSG_WRITE.LIBCMT ref: 028E00CE
                                                    • Part of subcall function 028E00B0: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,028E9533,?,?,?,00000000,?,028E98AE,00000018,028F5608), ref: 028E00F3
                                                  • _malloc.LIBCMT ref: 028D9502
                                                  • _memset.LIBCMT ref: 028D951D
                                                  • _memset.LIBCMT ref: 028D9527
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _malloc_memset$AllocateHeap
                                                  • String ID:
                                                  • API String ID: 3465003713-0
                                                  • Opcode ID: 459319e3af5aa329b75d988fe15b45858dc29a65feb40a9334039e583c6858ec
                                                  • Instruction ID: b4bcfd6c52e861a5010cd9f55a2b1d42f605b710f682bbba93c96c59809781d0
                                                  • Opcode Fuzzy Hash: 459319e3af5aa329b75d988fe15b45858dc29a65feb40a9334039e583c6858ec
                                                  • Instruction Fuzzy Hash: BC1149BC2007009BDB70EF69C644B47BBE1BB05714F10896DE69AEBA81D7B5B40D8F49
                                                  APIs
                                                  • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,00000000,00000000,00010191,00010191,?,028D679D,00000000,?,?), ref: 028D6C24
                                                  • GetLastError.KERNEL32(?,028D679D,00000000,?,?), ref: 028D6C31
                                                  • WriteFile.KERNEL32(00000000,00000000,028D679D,?,00000000,?,?,028D679D,00000000,?,?), ref: 028D6C50
                                                  • CloseHandle.KERNEL32(00000000,?,?,028D679D,00000000,?,?), ref: 028D6C69
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: File$CloseCreateErrorHandleLastWrite
                                                  • String ID:
                                                  • API String ID: 1150274393-0
                                                  • Opcode ID: 3c61aa8e5b1548989d325a817020f501d1ec340b57e082f1e50053aa5b4d834c
                                                  • Instruction ID: 856b3f06a3e39d1a23ff7dffc5ec001846ea88a7005931b71e6751c8a86e045d
                                                  • Opcode Fuzzy Hash: 3c61aa8e5b1548989d325a817020f501d1ec340b57e082f1e50053aa5b4d834c
                                                  • Instruction Fuzzy Hash: 04014079A00228BBDB208BA5DC8CE9FBB7CEF45664F100545F509E3280E671694487A4
                                                  APIs
                                                  • _strrchr.LIBCMT ref: 028D458E
                                                  • VirtualAlloc.KERNEL32(00000000,00000180,00001000,00000040), ref: 028D45AA
                                                  • LoadLibraryA.KERNEL32 ref: 028D4614
                                                  • VirtualFree.KERNEL32(00000000), ref: 028D4636
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Virtual$AllocFreeLibraryLoad_strrchr
                                                  • String ID:
                                                  • API String ID: 3090839149-0
                                                  • Opcode ID: 470f432f1ecece105f47d52a802319689d3ec5943a8704cb6e6ee7d0d56741a3
                                                  • Instruction ID: e0140c2ecfa7d89971b900e89ef0bb4126399ee64410df0bc7e25ee593cb58b1
                                                  • Opcode Fuzzy Hash: 470f432f1ecece105f47d52a802319689d3ec5943a8704cb6e6ee7d0d56741a3
                                                  • Instruction Fuzzy Hash: C711C83C980202EBDB996F94EC09F853B66EB04760F040421F78DEA1D1CF7558A08F44
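                                                  The two listings above at 028D6C24 (CreateFileA, WriteFile, CloseHandle) and 028D45AA (VirtualAlloc, LoadLibraryA, VirtualFree) give their arguments as raw hex. The script below is an added triage example, not part of this Joe Sandbox report and not code from the sample: it parses API listings in this format, trims each call to its documented parameter count (the plugin dumps more stack slots than the API takes, which is why the repeated 028D679D, apparently a return address, appears among the CreateFileA "arguments"), decodes the constants against Windows SDK values (0x40 is PAGE_EXECUTE_READWRITE, 0x40000000 is GENERIC_WRITE, 1 is CREATE_NEW, 0xFDE9 is 65001, CP_UTF8), and flags W+X allocations and open-for-write-then-write sequences. The two sample listings are copied from the entries above; the parameter-count table and the flag rules are the example's own assumptions.

```python
"""Decode the hex argument constants in Joe Sandbox IDA-plugin API listings and flag
call patterns worth a closer look. Added triage example, not Joe Sandbox code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constant values from the Windows SDK headers (winnt.h, fileapi.h, winnls.h).
PAGE_PROT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
             0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
             0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
MEM_TYPE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x100000: "MEM_TOP_DOWN"}
GENERIC = {0x80000000: "GENERIC_READ", 0x40000000: "GENERIC_WRITE",
           0x20000000: "GENERIC_EXECUTE", 0x10000000: "GENERIC_ALL"}
DISPOSITION = {1: "CREATE_NEW", 2: "CREATE_ALWAYS", 3: "OPEN_EXISTING", 4: "OPEN_ALWAYS",
               5: "TRUNCATE_EXISTING"}
CODEPAGE = {0: "CP_ACP", 1: "CP_OEMCP", 65001: "CP_UTF8"}   # 0xFDE9 in the listings == 65001
WX_PAGES = {"PAGE_EXECUTE_READWRITE", "PAGE_EXECUTE_WRITECOPY"}
# Assumed table of documented parameter counts; the plugin dumps extra stack slots after them.
PARAM_COUNT = {"VirtualAlloc": 4, "VirtualFree": 3, "CreateFileA": 7, "WriteFile": 5,
               "CloseHandle": 1, "GetLastError": 0, "LoadLibraryA": 1,
               "WideCharToMultiByte": 8, "MultiByteToWideChar": 6}
LINE_RE = re.compile(
    r"^\s*\u2022?\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.[A-Za-z0-9]+(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*"
    r"(?P<ref>[0-9A-Fa-f]+)\s*$")

# Two function listings copied verbatim from the report entries above.
LOADER_LISTING = """
• _strrchr.LIBCMT ref: 028D458E
• VirtualAlloc.KERNEL32(00000000,00000180,00001000,00000040), ref: 028D45AA
• LoadLibraryA.KERNEL32 ref: 028D4614
• VirtualFree.KERNEL32(00000000), ref: 028D4636
"""
DROPPER_LISTING = """
• CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,00000000,00000000,00010191,00010191,?,028D679D,00000000,?,?), ref: 028D6C24
• GetLastError.KERNEL32(?,028D679D,00000000,?,?), ref: 028D6C31
• WriteFile.KERNEL32(00000000,00000000,028D679D,?,00000000,?,?,028D679D,00000000,?,?), ref: 028D6C50
• CloseHandle.KERNEL32(00000000,?,?,028D679D,00000000,?,?), ref: 028D6C69
"""

@dataclass
class Call:
    name: str
    ref: int
    args: List[Optional[int]]           # int for a hex value, None for '?'
    subcall_of: Optional[int] = None    # set on "Part of subcall function" lines

    def arg(self, i: int) -> Optional[int]:
        return self.args[i] if i < len(self.args) else None

def parse_listing(text: str) -> List[Call]:
    calls = []
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        args = [None if a.strip() == "?" else int(a, 16)
                for a in (m.group("args") or "").split(",") if a.strip()]
        limit = PARAM_COUNT.get(m.group("name"))
        if limit is not None:
            args = args[:limit]         # drop the dumped stack slots past the real parameters
        sub = int(m.group("sub"), 16) if m.group("sub") else None
        calls.append(Call(m.group("name"), int(m.group("ref"), 16), args, sub))
    return calls

def hx(v: Optional[int]) -> str:
    return "?" if v is None else hex(v)

def symbol(v: Optional[int], table: Dict[int, str]) -> str:
    # Exact-value lookup for enum-style parameters; modifier bits (e.g. PAGE_GUARD) stay hex.
    return "?" if v is None else table.get(v, hex(v))

def flags(v: Optional[int], table: Dict[int, str]) -> str:
    """Bitmask as NAME|NAME; bits not in the table stay as hex."""
    if v is None:
        return "?"
    hit = {bit: name for bit, name in table.items() if (v & bit) == bit}
    rest = v & ~sum(hit)                # table entries are single bits, so sum == OR
    return "|".join(list(hit.values()) + ([hex(rest)] if rest or not hit else []))

def describe(c: Call) -> str:
    """Symbolic form of the arguments that matter for triage."""
    if c.name == "VirtualAlloc":
        return (f"VirtualAlloc(size={hx(c.arg(1))}, {flags(c.arg(2), MEM_TYPE)}, "
                f"{symbol(c.arg(3), PAGE_PROT)})")
    if c.name == "CreateFileA":
        return (f"CreateFileA(access={flags(c.arg(1), GENERIC)}, "
                f"disposition={symbol(c.arg(4), DISPOSITION)}, attrs={hx(c.arg(5))})")
    if c.name in ("WideCharToMultiByte", "MultiByteToWideChar"):
        return f"{c.name}(codepage={symbol(c.arg(0), CODEPAGE)}, flags={hx(c.arg(1))})"
    return c.name

def triage(calls: List[Call]) -> List[str]:
    """Findings for one function's listing; subcall lines belong to callees and are skipped."""
    own = [c for c in calls if c.subcall_of is None]
    names = {c.name for c in own}
    out = []
    for c in own:
        if c.name == "VirtualAlloc" and symbol(c.arg(3), PAGE_PROT) in WX_PAGES:
            out.append(f"W+X allocation at {c.ref:08X}")
        if (c.name == "CreateFileA" and "WriteFile" in names
                and c.arg(1) is not None and c.arg(1) & 0x40000000):
            out.append(f"opens a file for writing at {c.ref:08X} and writes to it")
    if {"VirtualAlloc", "LoadLibraryA"} <= names:
        out.append("allocates memory and loads a library in the same routine")
    return out
```

Feed `parse_listing` the text of any APIs block and pass the result to `describe` and `triage`. Two caveats apply to the numbers this decodes: the argument slots are what the plugin recovered from the stack at the recorded call site, and a `?` means it could not resolve the value, so a flag from one listing is a lead to confirm against the Yara matches and the behavioural signatures elsewhere in the report, not a verdict on its own.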
                                                  APIs
                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 028DA8E7
                                                  • _calloc.LIBCMT ref: 028DA8FB
                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 028DA919
                                                  • _free.LIBCMT ref: 028DA924
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ByteCharMultiWide$_calloc_free
                                                  • String ID:
                                                  • API String ID: 214096796-0
                                                  • Opcode ID: 226f3f9d99aebd5798a279265c6d1bc281a9058f8775c0883bcc96b4c3a6b543
                                                  • Instruction ID: fc1be20873ead1f90fc4f883cfd5e99722ab90d3aa4683d60ef7d3cf4318dcd2
                                                  • Opcode Fuzzy Hash: 226f3f9d99aebd5798a279265c6d1bc281a9058f8775c0883bcc96b4c3a6b543
                                                  • Instruction Fuzzy Hash: 2FF0507E3852267EBB2439B45C44DB77B4DDB047B17210621BD18D51C0EB51CC4041F0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079265392.0000000006541000.00000020.00001000.00020000.00000000.sdmp, Offset: 06540000, based on PE: true
                                                  • Associated: 00000000.00000002.2079250190.0000000006540000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079293247.0000000006555000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079310887.000000000655B000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079331213.000000000655F000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_6540000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                  • String ID:
                                                  • API String ID: 3016257755-0
                                                  • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                  • Instruction ID: e56cf834f16d32f2545156438128a459d660df794ac12a9ab8e3f72db73be5e2
                                                  • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                  • Instruction Fuzzy Hash: C5014E3250054EBBCFA25E84CC699ED3F62BB59254F4A8916FE2858430C336C5B1EB82
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                  • String ID:
                                                  • API String ID: 3016257755-0
                                                  • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                  • Instruction ID: db4f335c6b76d3710d7b29c3f4cfaa549cb4247561b34a5962eb3b13c47994b8
                                                  • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                  • Instruction Fuzzy Hash: E9013D3A40015ABBCF135E88CC51CEE3F2ABF18354B588419FE5898230E736C9B1AB81
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                  • String ID:
                                                  • API String ID: 3016257755-0
                                                  • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                  • Instruction ID: 9c222bd87cefcc171d2d7c5a6e4f470d1415a92aa9bc52a84d89d867f049d774
                                                  • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                  • Instruction Fuzzy Hash: 7001103A00014EBBCF165E98CC41CED7F67BB1A754B588415FE5999130D336C9B1EB91
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                  • String ID:
                                                  • API String ID: 3016257755-0
                                                  • Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                  • Instruction ID: 2a692d1ee0df735afa6a715f8966e668452b951e9d964cf6b9adc9a42aeca0bb
                                                  • Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
                                                  • Instruction Fuzzy Hash: 5D01397600014ABBCF226E84CC818EE3F67FB18255B8A8495FA1C99020D336D9B1EB81
                                                  APIs
                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,00000000,000000FF,00000000,00000000), ref: 028DA885
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ByteCharMultiWide
                                                  • String ID:
                                                  • API String ID: 626452242-0
                                                  • Opcode ID: 70764d26cd53dfacc22d2ac6705c692dcd13efcc487330bfcfb47d2ff48efacb
                                                  • Instruction ID: 74631387ba80b21538289796ee4e04640fa516c7528fa2f6b7fb5ced75d8eaeb
                                                  • Opcode Fuzzy Hash: 70764d26cd53dfacc22d2ac6705c692dcd13efcc487330bfcfb47d2ff48efacb
                                                  • Instruction Fuzzy Hash: FFF0F03E3C962A7AFA2439A85C05F66374D9B01BB5F204621BE1DE81C0DAA0880446D0
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: htonl
                                                  • String ID:
                                                  • API String ID: 2009864989-0
                                                  • Opcode ID: a2158f1b82650e867632c27b9940839a83bdd562d7495e03aeecfa5fb5d1314f
                                                  • Instruction ID: 03fdd69d11499f39bc93e473f222e387baa496de1482173f308e62db5e420d21
                                                  • Opcode Fuzzy Hash: a2158f1b82650e867632c27b9940839a83bdd562d7495e03aeecfa5fb5d1314f
                                                  • Instruction Fuzzy Hash: FC1106715116129FD7249F29C6492597BE9AB0A370768CB5DD8BACB6E0D330A5828F40
                                                  APIs
                                                  • CopyFileW.KERNEL32(00000000,00000000,00000000,02B5390D,00000000,00000000), ref: 02B541BD
                                                  • GetLastError.KERNEL32(02B5390D,00000000,00000000), ref: 02B541C7
                                                  • _free.LIBCMT ref: 02B541D0
                                                  • _free.LIBCMT ref: 02B541D6
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free$CopyErrorFileLast
                                                  • String ID:
                                                  • API String ID: 620012759-0
                                                  • Opcode ID: a52ab79879d90cc5b7837cef5f9d98eadd3a5e1dd2a2c820b21bc9723e59aa16
                                                  • Instruction ID: 317771ec3a7cf46a6e775944b8dc83862262dbdb24d7dfa8bfd886e378a87110
                                                  • Opcode Fuzzy Hash: a52ab79879d90cc5b7837cef5f9d98eadd3a5e1dd2a2c820b21bc9723e59aa16
                                                  • Instruction Fuzzy Hash: 0BF0E936204311AFD7101FBAAC48E677FEDEF466E0B1400A5FC1CD7200DB72985086D4
                                                  APIs
                                                  • _malloc.LIBCMT ref: 028D37EA
                                                    • Part of subcall function 028E00B0: __FF_MSGBANNER.LIBCMT ref: 028E00C7
                                                    • Part of subcall function 028E00B0: __NMSG_WRITE.LIBCMT ref: 028E00CE
                                                    • Part of subcall function 028E00B0: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,028E9533,?,?,?,00000000,?,028E98AE,00000018,028F5608), ref: 028E00F3
                                                  • _memset.LIBCMT ref: 028D37FB
                                                  • htonl.WS2_32(00000008), ref: 028D3805
                                                  • htonl.WS2_32(?), ref: 028D3811
                                                    • Part of subcall function 028D3A39: htonl.WS2_32(?), ref: 028D3A3F
                                                    • Part of subcall function 028D38F9: _memset.LIBCMT ref: 028D3912
                                                    • Part of subcall function 028D38F9: _free.LIBCMT ref: 028D391A
                                                    • Part of subcall function 028D38F9: _memset.LIBCMT ref: 028D3973
                                                    • Part of subcall function 028D38F9: _free.LIBCMT ref: 028D3979
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _memsethtonl$_free$AllocateHeap_malloc
                                                  • String ID:
                                                  • API String ID: 1195693547-0
                                                  • Opcode ID: 7162689d7eb51934b4ffb54722aa1bbac21b625ebf6f4b8b1eb355394f59d418
                                                  • Instruction ID: 7969504d6a808937ea0be844bf4d286d2a179ebcba8e72f385cb5c8064e9ac5e
                                                  • Opcode Fuzzy Hash: 7162689d7eb51934b4ffb54722aa1bbac21b625ebf6f4b8b1eb355394f59d418
                                                  • Instruction Fuzzy Hash: BEF02B3EA803017BD7116FA9DC45B293777AF80B61F004028F60DD96C1DFB191288E93
                                                  APIs
                                                  • OpenWindowStationA.USER32(?,00000000,02000000), ref: 02B5DA47
                                                  • GetCurrentProcessId.KERNEL32 ref: 02B5DA53
                                                    • Part of subcall function 02B574D1: LoadLibraryA.KERNEL32(kernel32.dll), ref: 02B574E9
                                                    • Part of subcall function 02B574D1: GetProcAddress.KERNEL32(00000000,ProcessIdToSessionId), ref: 02B574FB
                                                    • Part of subcall function 02B574D1: FreeLibrary.KERNEL32(00000000), ref: 02B5752D
                                                  • EnumDesktopsA.USER32(00000000,Function_0000D988,?), ref: 02B5DA76
                                                  • CloseWindowStation.USER32(00000000), ref: 02B5DA7D
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: LibraryStationWindow$AddressCloseCurrentDesktopsEnumFreeLoadOpenProcProcess
                                                  • String ID:
                                                  • API String ID: 688010510-0
                                                  • Opcode ID: 5d1bd631046f9cd4302c8af31f57a51327bcb07a1703846f11a35b44c4f72b46
                                                  • Instruction ID: 703797fcdcd6e6f8cb315477fd683c6c1af5e4eba8d290b146c497c218ab7d04
                                                  • Opcode Fuzzy Hash: 5d1bd631046f9cd4302c8af31f57a51327bcb07a1703846f11a35b44c4f72b46
                                                  • Instruction Fuzzy Hash: 2CF06271D55219BFEB00EFB8A8089AEBBFCEF48750F00859AFC09E7200D63046119F90
                                                  APIs
                                                  • MoveFileW.KERNEL32(00000000,00000000), ref: 02B54161
                                                  • GetLastError.KERNEL32(02B538AC,00000000,00000000), ref: 02B5416B
                                                  • _free.LIBCMT ref: 02B54174
                                                  • _free.LIBCMT ref: 02B5417A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _free$ErrorFileLastMove
                                                  • String ID:
                                                  • API String ID: 838163040-0
                                                  • Opcode ID: 5830851e2882741ea2b9be89569bd2baeba4051847e722fab5fbb9670d9b0325
                                                  • Instruction ID: 989bbcdd03d2284c25470cb4259666261c1678cc913e206a605b33d9777ba72b
                                                  • Opcode Fuzzy Hash: 5830851e2882741ea2b9be89569bd2baeba4051847e722fab5fbb9670d9b0325
                                                  • Instruction Fuzzy Hash: 85F0E936644225AFD7101F69AC48E6B3BEEEF893E1B040075FD0CD7200DB7288518698
                                                  APIs
                                                  • CloseHandle.KERNEL32(89C03359,00000000,?,028D7943,?), ref: 028D76B6
                                                  • CloseHandle.KERNEL32(0F078902,00000000,?,028D7943,?), ref: 028D76E2
                                                  • _free.LIBCMT ref: 028D76F7
                                                  • _free.LIBCMT ref: 028D7705
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CloseHandle_free
                                                  • String ID:
                                                  • API String ID: 3521661170-0
                                                  • Opcode ID: 028aa48a09ac90d97343da57a3de291c404397db4fb2f0709b9f46c63c4d090e
                                                  • Instruction ID: 9a641b20efdb2cb4759bd034588dda1ae0ee39b58b119ab19443a0e32c685e33
                                                  • Opcode Fuzzy Hash: 028aa48a09ac90d97343da57a3de291c404397db4fb2f0709b9f46c63c4d090e
                                                  • Instruction Fuzzy Hash: AC01813D400B04DBD7316A39E809B96B7F8BF01735F140E0DE0AED54D0DBB5A4488A48
                                                  APIs
                                                  • _calloc.LIBCMT ref: 028D8A19
                                                    • Part of subcall function 028E0911: __calloc_impl.LIBCMT ref: 028E0924
                                                  • GetCurrentProcess.KERNEL32(?,?,00000010,00000000,00000001,00000002), ref: 028D8A38
                                                  • DuplicateHandle.KERNEL32(00000000), ref: 028D8A3F
                                                  • _free.LIBCMT ref: 028D8A4A
                                                    • Part of subcall function 028E0078: RtlFreeHeap.NTDLL(00000000,00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?), ref: 028E008C
                                                    • Part of subcall function 028E0078: GetLastError.KERNEL32(00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?,?), ref: 028E009E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CurrentDuplicateErrorFreeHandleHeapLastProcess__calloc_impl_calloc_free
                                                  • String ID:
                                                  • API String ID: 2366337730-0
                                                  • Opcode ID: 372a3618ba8748ed46d4855dbb53e562a0063a3aed6f13a2d6025bc71bc25576
                                                  • Instruction ID: 6736b60d71d555a5058e6a6ab3863e118d94f49b7311d72ed6361e16d79661e8
                                                  • Opcode Fuzzy Hash: 372a3618ba8748ed46d4855dbb53e562a0063a3aed6f13a2d6025bc71bc25576
                                                  • Instruction Fuzzy Hash: 08F09679284308AFE7509F54EC09FE637A9FB15751F000459FB09DB2C0DBB29854CBA1
                                                  APIs
                                                    • Part of subcall function 028DA57D: WaitForSingleObject.KERNEL32(?,000000FF,?,028D4C1A,00000001,00000000,?,028D4BFE,00000000,00000000,028D6978,00000000,00000000,028D7DFF), ref: 028DA58B
                                                  • CloseHandle.KERNEL32(?), ref: 028D75DD
                                                  • CloseHandle.KERNEL32(?), ref: 028D75E2
                                                  • CloseHandle.KERNEL32(?), ref: 028D75E7
                                                  • _free.LIBCMT ref: 028D75F5
                                                    • Part of subcall function 028E0078: RtlFreeHeap.NTDLL(00000000,00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?), ref: 028E008C
                                                    • Part of subcall function 028E0078: GetLastError.KERNEL32(00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?,?), ref: 028E009E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CloseHandle$ErrorFreeHeapLastObjectSingleWait_free
                                                  • String ID:
                                                  • API String ID: 2311913730-0
                                                  • Opcode ID: 3597796655fc405952815d48c1e04e7e495bed9b16fdc01c3ef2d5e6bb88977a
                                                  • Instruction ID: 1c887bc6b88bc10801bf4072d4fd9f78f233e57981b05ab20d5fc13fa477df3a
                                                  • Opcode Fuzzy Hash: 3597796655fc405952815d48c1e04e7e495bed9b16fdc01c3ef2d5e6bb88977a
                                                  • Instruction Fuzzy Hash: AEF0373A600505FBCA09AA6AEC05A96FB76FF45360B104126A42C97160DB76E8248E90
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078776178.00000000028A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 028A0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28a0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free
                                                  • String ID:
                                                  • API String ID: 269201875-0
                                                  • Opcode ID: 09f99532f5715fa75ee61da0ce2c70ed2bbe0798f7a92593d1b7cdc70fe9c228
                                                  • Instruction ID: f56e8bee544cf6734f31e2359f8626884428042fd9df6e4f3dcbb2001da9ce2c
                                                  • Opcode Fuzzy Hash: 09f99532f5715fa75ee61da0ce2c70ed2bbe0798f7a92593d1b7cdc70fe9c228
                                                  • Instruction Fuzzy Hash: 07F04F3E011700AFF7319A28DC1476AB3E4BF15316F54451DD48AC69A0CF75B950DF55
                                                  APIs
                                                  • _free.LIBCMT ref: 028D8641
                                                    • Part of subcall function 028E0078: RtlFreeHeap.NTDLL(00000000,00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?), ref: 028E008C
                                                    • Part of subcall function 028E0078: GetLastError.KERNEL32(00000000,?,028E61E9,00000000,?,?,?,00000000,?,028E98AE,00000018,028F5608,00000008,028E97FB,?,?), ref: 028E009E
                                                  • _free.LIBCMT ref: 028D8659
                                                  • _free.LIBCMT ref: 028D866E
                                                  • _free.LIBCMT ref: 028D8679
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: _free$ErrorFreeHeapLast
                                                  • String ID:
                                                  • API String ID: 776569668-0
                                                  • Opcode ID: 1fa86f744162e3dbfe60925a3ddbb83421332c920cec30b92a403e13c2bbf2a0
                                                  • Instruction ID: 562af1b4dde39e2d0e08b488a23dbe3e15b0823351cc73e5b2d24ee2b24591b5
                                                  • Opcode Fuzzy Hash: 1fa86f744162e3dbfe60925a3ddbb83421332c920cec30b92a403e13c2bbf2a0
                                                  • Instruction Fuzzy Hash: D2F0963D050700DFDB71AA28E909B6673E4FF1133AF54091DD44AD68A1DBB8B849CF89
                                                  APIs
                                                  • _malloc.LIBCMT ref: 028DA5AA
                                                    • Part of subcall function 028E00B0: __FF_MSGBANNER.LIBCMT ref: 028E00C7
                                                    • Part of subcall function 028E00B0: __NMSG_WRITE.LIBCMT ref: 028E00CE
                                                    • Part of subcall function 028E00B0: RtlAllocateHeap.NTDLL(00A40000,00000000,00000001,00000000,00000000,00000000,?,028E9533,?,?,?,00000000,?,028E98AE,00000018,028F5608), ref: 028E00F3
                                                  • _memset.LIBCMT ref: 028DA5C1
                                                  • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,028DA679,?,?,000000FF), ref: 028DA5CD
                                                  • _free.LIBCMT ref: 028DA5DB
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2078818816.00000000028D1000.00000020.00001000.00020000.00000000.sdmp, Offset: 028D0000, based on PE: true
                                                  • Associated: 00000000.00000002.2078803289.00000000028D0000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078843071.00000000028F1000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028F7000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FC000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078860223.00000000028FE000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2078909739.00000000028FF000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_28d0000_HACK-GAMER.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateCreateEventHeap_free_malloc_memset
                                                  • String ID:
                                                  • API String ID: 4187402829-0
                                                  • Opcode ID: 94bcfa85dd8ce702f075bebc0e67cb845718ae1e3b9b09c21d14071f406b1745
                                                  • Instruction ID: 06b446b41caede6a0d70c95bfee9924f3a283e9891e6038c98bba3cf1225d0cb
                                                  • Opcode Fuzzy Hash: 94bcfa85dd8ce702f075bebc0e67cb845718ae1e3b9b09c21d14071f406b1745
                                                  • Instruction Fuzzy Hash: 04E0DF2E64416126DA7136AB3C08FAB2F29CBC3F61B100419F609E5240EA20450686E2
                                                  APIs
                                                  • CloseHandle.KERNEL32(?), ref: 02B59989
                                                  • CloseHandle.KERNEL32(?), ref: 02B5998E
                                                  • TerminateProcess.KERNEL32(00000000,00000000), ref: 02B5999B
                                                  • _free.LIBCMT ref: 02B599A2
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: CloseHandle$ProcessTerminate_free
                                                  • String ID:
                                                  • API String ID: 2098153489-0
                                                  • Opcode ID: d41b98f46abe6110a09b362dd4204b29055d2b977413e35d628f92c8893fbc46
                                                  • Instruction ID: 9bc9ff07b274ee4c1901c3e1971e5e2c1f92b6c7e7068b712507f6781a92a704
                                                  • Opcode Fuzzy Hash: d41b98f46abe6110a09b362dd4204b29055d2b977413e35d628f92c8893fbc46
                                                  • Instruction Fuzzy Hash: CBF0E232400A26EFCB225F29DD04B9ABBA9FF41360F148465E91897550C731A860CFC4
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Event_free_malloc_memmove
                                                  • String ID:
                                                  • API String ID: 4068499459-0
                                                  • Opcode ID: 6ecb6a3494e95869bcc3674db4e967fd3acdcc74d30a421637ddf7a4fc003735
                                                  • Instruction ID: 24050afe014654df6e535546066535460766d8f8d6592259a0c5b0dcd22b6fcd
                                                  • Opcode Fuzzy Hash: 6ecb6a3494e95869bcc3674db4e967fd3acdcc74d30a421637ddf7a4fc003735
                                                  • Instruction Fuzzy Hash: ADF01272C506159BCF00AF78F90A85B3BA9FB053D07484491FE04E7240DB34A8A2DFE4
                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: _memset_wcscmp
                                                  • String ID: system
                                                  • API String ID: 1337962198-3377271179
                                                  • Opcode ID: b5950659f2a084b9b4e5d5e5a71fce5400e00c395f7b1b34d02192aa11a97490
                                                  • Instruction ID: 4960e4d425e6c6eb7b19d8c29cf641cc2e927948a376ce35c5f0294309cda2d8
                                                  • Opcode Fuzzy Hash: b5950659f2a084b9b4e5d5e5a71fce5400e00c395f7b1b34d02192aa11a97490
                                                  • Instruction Fuzzy Hash: 6A115176911619AADB10EEA4DC44BDFBBBCEF08764F1001F6E915E6040EB74A684CBA0
                                                  APIs
                                                  • GetProcAddress.KERNEL32(00000000,enable_mouse_input), ref: 02B5E906
                                                    • Part of subcall function 02B5EB06: _memset.LIBCMT ref: 02B5EB20
                                                    • Part of subcall function 02B5EB06: ExpandEnvironmentStringsA.KERNEL32(%TEMP%\hook.dll,?,000003FF,?,00000000,00000000), ref: 02B5EB39
                                                    • Part of subcall function 02B5EB06: FindResourceA.KERNEL32(00000065,IMG), ref: 02B5EB4C
                                                    • Part of subcall function 02B5EB06: LoadResource.KERNEL32(00000000,?,00000000,00000000), ref: 02B5EB63
                                                    • Part of subcall function 02B5EB06: LockResource.KERNEL32(00000000,?,00000000,00000000), ref: 02B5EB6A
                                                    • Part of subcall function 02B5EB06: SizeofResource.KERNEL32(00000000,?,00000000,00000000), ref: 02B5EB7A
                                                    • Part of subcall function 02B5EB06: DeleteFileA.KERNEL32(?,?,00000000,00000000), ref: 02B5EB8A
                                                    • Part of subcall function 02B5EB06: GetFileAttributesA.KERNEL32(?,?,00000000,00000000), ref: 02B5EB97
                                                    • Part of subcall function 02B5EB06: LoadLibraryA.KERNEL32(?,?,00000000,00000000), ref: 02B5EBE3
                                                    • Part of subcall function 02B5EB06: GetLastError.KERNEL32(?,00000000,00000000), ref: 02B5EBF2
                                                  • GetLastError.KERNEL32 ref: 02B5E8F8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Resource$ErrorFileLastLoad$AddressAttributesDeleteEnvironmentExpandFindLibraryLockProcSizeofStrings_memset
                                                  • String ID: enable_mouse_input
                                                  • API String ID: 554077098-3380222899
                                                  • Opcode ID: 5b81f60762220ae037402b2c21ffb81565f990a4c8960bf5f41792c86a53adc3
                                                  • Instruction ID: 62be4c35aac1cd12e3009e4eaa5cd13b8fd148d1630e1cc72a25394e624eeed3
                                                  • Opcode Fuzzy Hash: 5b81f60762220ae037402b2c21ffb81565f990a4c8960bf5f41792c86a53adc3
                                                  • Instruction Fuzzy Hash: 18012631E44215AFCB586F69FC49F6A3BA6FB842D1700085CFD09C7210DB32D920CB50
                                                  APIs
                                                  • GetProcAddress.KERNEL32(00000000,enable_keyboard_input), ref: 02B5DD1B
                                                    • Part of subcall function 02B5EB06: _memset.LIBCMT ref: 02B5EB20
                                                    • Part of subcall function 02B5EB06: ExpandEnvironmentStringsA.KERNEL32(%TEMP%\hook.dll,?,000003FF,?,00000000,00000000), ref: 02B5EB39
                                                    • Part of subcall function 02B5EB06: FindResourceA.KERNEL32(00000065,IMG), ref: 02B5EB4C
                                                    • Part of subcall function 02B5EB06: LoadResource.KERNEL32(00000000,?,00000000,00000000), ref: 02B5EB63
                                                    • Part of subcall function 02B5EB06: LockResource.KERNEL32(00000000,?,00000000,00000000), ref: 02B5EB6A
                                                    • Part of subcall function 02B5EB06: SizeofResource.KERNEL32(00000000,?,00000000,00000000), ref: 02B5EB7A
                                                    • Part of subcall function 02B5EB06: DeleteFileA.KERNEL32(?,?,00000000,00000000), ref: 02B5EB8A
                                                    • Part of subcall function 02B5EB06: GetFileAttributesA.KERNEL32(?,?,00000000,00000000), ref: 02B5EB97
                                                    • Part of subcall function 02B5EB06: LoadLibraryA.KERNEL32(?,?,00000000,00000000), ref: 02B5EBE3
                                                    • Part of subcall function 02B5EB06: GetLastError.KERNEL32(?,00000000,00000000), ref: 02B5EBF2
                                                  • GetLastError.KERNEL32 ref: 02B5DD0D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.2079014402.0000000002B51000.00000020.00001000.00020000.00000000.sdmp, Offset: 02B50000, based on PE: true
                                                  • Associated: 00000000.00000002.2079000417.0000000002B50000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079045703.0000000002B91000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079062353.0000000002B9C000.00000004.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BA5000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BAD000.00000002.00001000.00020000.00000000.sdmp
                                                  • Associated: 00000000.00000002.2079077382.0000000002BB0000.00000002.00001000.00020000.00000000.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_2b50000_HACK-GAMER.jbxd
                                                  Similarity
                                                  • API ID: Resource$ErrorFileLastLoad$AddressAttributesDeleteEnvironmentExpandFindLibraryLockProcSizeofStrings_memset
                                                  • String ID: enable_keyboard_input
                                                  • API String ID: 554077098-3233768151
                                                  • Opcode ID: 1e8a995e04c603c993afde9baa920e6011e8b9dc7e9301221a53b0442e224877
                                                  • Instruction ID: 5d767ab5ab494ce8d5a2be4cbe63cdee9f5e8b94a051a8e80216375fbcb93782
                                                  • Opcode Fuzzy Hash: 1e8a995e04c603c993afde9baa920e6011e8b9dc7e9301221a53b0442e224877
                                                  • Instruction Fuzzy Hash: EF01D631A54215AFDB286F69FC49E6A3BAAFB893D5710056CFD09C7290DB36D820CB50