Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
uo9m.exe

Overview

General Information

Sample name:uo9m.exe
Analysis ID:1590280
MD5:a83802ca265a8d7d66f7307bf4f16367
SHA1:0d4d784f97301527064dc66420cc136132df3337
SHA256:cfab22760406b5b89f3f810702fd736306caa091dba036b8b9ffe206f415e794
Infos:

Detection

LummaC
Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Suricata IDS alerts for network traffic
LummaC encrypted strings found
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Contains functionality to call native functions
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • uo9m.exe (PID: 7412 cmdline: "C:\Users\user\Desktop\uo9m.exe" MD5: A83802CA265A8D7D66F7307BF4F16367)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-13T21:49:35.327874+010020283713Unknown Traffic192.168.2.44973123.197.127.21443TCP
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-13T21:49:35.950360+010028586661Domain Observed Used for C2 Detected192.168.2.44973123.197.127.21443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for URL or domain
Source: https://littlenotii.biz/apiAvira URL Cloud: Label: malware
Source: https://truculengisau.biz/apiAvira URL Cloud: Label: malware
Source: https://misha-lomonosov.com/2Avira URL Cloud: Label: malware
Source: https://fraggielek.biz/apiMrAvira URL Cloud: Label: malware
Source: https://misha-lomonosov.com/apiAvira URL Cloud: Label: malware
Source: https://spookycappy.biz/apiiAvira URL Cloud: Label: malware
Source: https://punishzement.biz/apiAvira URL Cloud: Label: malware
Source: https://marketlumpe.biz/api5tAvira URL Cloud: Label: malware
Source: https://misha-lomonosov.com/Avira URL Cloud: Label: malware
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D3AE60 BCryptGenRandom,SystemFunction036,0_2_00D3AE60
Source: uo9m.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED
Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: uo9m.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D7E620 CloseHandle,memset,FindFirstFileExW,FindClose,0_2_00D7E620
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D7CEA0 memcpy,memcpy,memset,FindFirstFileExW,memcpy,GetLastError,FindClose,DeleteFileW,GetLastError,0_2_00D7CEA0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 4x nop then push ebp0_2_00D34018
Source: C:\Users\user\Desktop\uo9m.exeCode function: 4x nop then push ebp0_2_00D34112

Networking

barindex
Suricata IDS alerts for network traffic
Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49731 -> 23.197.127.21:443
Source: Joe Sandbox ViewIP Address: 23.197.127.21 23.197.127.21
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 23.197.127.21:443
Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D807B0 recv,WSAGetLastError,0_2_00D807B0
Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: vContent-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=6ea142275864432a1ee55dcb; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35141Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveMon, 13 Jan 2025 20:49:35 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: global trafficDNS traffic detected: DNS query: truculengisau.biz
Source: global trafficDNS traffic detected: DNS query: fraggielek.biz
Source: global trafficDNS traffic detected: DNS query: grandiouseziu.biz
Source: global trafficDNS traffic detected: DNS query: littlenotii.biz
Source: global trafficDNS traffic detected: DNS query: marketlumpe.biz
Source: global trafficDNS traffic detected: DNS query: nuttyshopr.biz
Source: global trafficDNS traffic detected: DNS query: punishzement.biz
Source: global trafficDNS traffic detected: DNS query: spookycappy.biz
Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
Source: global trafficDNS traffic detected: DNS query: misha-lomonosov.com
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
Source: uo9m.exe, 00000000.00000002.2196703768.0000000003281000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: uo9m.exe, 00000000.00000002.2196703768.0000000003281000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: uo9m.exe, 00000000.00000002.2196703768.0000000003281000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923894784.0000000003268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
Source: uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=SCXpgixTDzt4&a
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=M_FULq_A
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=BFN_
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=iUcMsAN_acD6&l=e
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
Source: uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=en
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
Source: uo9m.exeString found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000734000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fraggielek.biz/apiMr
Source: uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000734000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://littlenotii.biz/api
Source: uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000734000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://marketlumpe.biz/api5t
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
Source: uo9m.exe, 00000000.00000003.1923931265.0000000000771000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://misha-lomonosov.com/
Source: uo9m.exe, 00000000.00000003.1923931265.0000000000771000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://misha-lomonosov.com/2
Source: uo9m.exe, 00000000.00000003.1923931265.0000000000771000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://misha-lomonosov.com/api
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000734000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://punishzement.biz/api
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000734000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://spookycappy.biz/apii
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000734000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/%s
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
Source: uo9m.exe, 00000000.00000002.2196703768.0000000003281000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: uo9m.exe, 00000000.00000003.1923931265.000000000073D000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2195643216.0000000000688000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2195786323.000000000073D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: uo9m.exe, 00000000.00000002.2195643216.0000000000688000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900#
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923894784.0000000003268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
Source: uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
Source: uo9m.exe, 00000000.00000003.1923931265.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
Source: uo9m.exe, 00000000.00000003.1923931265.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
Source: uo9m.exe, 00000000.00000002.2196703768.0000000003281000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000734000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://truculengisau.biz/api
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
Source: uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
Source: uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
Source: uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownHTTPS traffic detected: 23.197.127.21:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D27F50 memset,GetModuleHandleA,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,AddVectoredExceptionHandler,RtlAddVectoredExceptionHandler,NtQueryInformationProcess,NtQuerySystemInformation,NtOpenThread,NtGetContextThread,NtSetContextThread,NtClose,0_2_00D27F50
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D7C080 NtOpenFile,RtlNtStatusToDosError,NtOpenFile,RtlNtStatusToDosError,0_2_00D7C080
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D6C2AE NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,0_2_00D6C2AE
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D6C80E NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,0_2_00D6C80E
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D7F651 NtReadFile,WaitForSingleObject,RtlNtStatusToDosError,ReadFile,GetLastError,0_2_00D7F651
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D7D750 GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,NtOpenFile,SetFileInformationByHandle,CloseHandle,GetLastError,SetFileInformationByHandle,GetLastError,CloseHandle,SwitchToThread,RtlNtStatusToDosError,NtOpenFile,RtlNtStatusToDosError,CloseHandle,SwitchToThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,DeviceIoControl,GetLastError,CloseHandle,memcpy,CloseHandle,CloseHandle,0_2_00D7D750
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D7EE00: memmove,DeviceIoControl,CloseHandle,GetLastError,0_2_00D7EE00
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D221E00_2_00D221E0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DB01900_2_00DB0190
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DBC1A00_2_00DBC1A0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D241600_2_00D24160
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DD21100_2_00DD2110
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2C2E00_2_00D2C2E0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D402900_2_00D40290
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D8C2B00_2_00D8C2B0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2C2BB0_2_00D2C2BB
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DD42600_2_00DD4260
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D4E3F00_2_00D4E3F0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DB23700_2_00DB2370
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DCA3700_2_00DCA370
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DAC5E00_2_00DAC5E0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D705A00_2_00D705A0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D365400_2_00D36540
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D5E6C90_2_00D5E6C9
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DA06840_2_00DA0684
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D266400_2_00D26640
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DB26100_2_00DB2610
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D347F00_2_00D347F0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DB87E00_2_00DB87E0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DC08D00_2_00DC08D0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DBC8500_2_00DBC850
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D768400_2_00D76840
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DC28700_2_00DC2870
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DAE9800_2_00DAE980
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DB29800_2_00DB2980
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D409400_2_00D40940
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D989640_2_00D98964
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DB8AB00_2_00DB8AB0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DC6A400_2_00DC6A40
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DCAA700_2_00DCAA70
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D88B100_2_00D88B10
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2EB000_2_00D2EB00
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DCEB010_2_00DCEB01
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D78CFE0_2_00D78CFE
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DC6C900_2_00DC6C90
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DB2C500_2_00DB2C50
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DB0C000_2_00DB0C00
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D70DC10_2_00D70DC1
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2EDB00_2_00D2EDB0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D9EFBC0_2_00D9EFBC
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2EF200_2_00D2EF20
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DA8F200_2_00DA8F20
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D510E00_2_00D510E0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D410800_2_00D41080
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D390B00_2_00D390B0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DB30400_2_00DB3040
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D8F02E0_2_00D8F02E
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DA719E0_2_00DA719E
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DB52600_2_00DB5260
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2B3D00_2_00D2B3D0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2B3E90_2_00D2B3E9
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DC53800_2_00DC5380
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D953B00_2_00D953B0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D833740_2_00D83374
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2B49D0_2_00D2B49D
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DB74A10_2_00DB74A1
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2B45F0_2_00D2B45F
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2B4400_2_00D2B440
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2B47E0_2_00D2B47E
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2B4020_2_00D2B402
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2B4210_2_00D2B421
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DBB5E00_2_00DBB5E0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DCF5800_2_00DCF580
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D515400_2_00D51540
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D256800_2_00D25680
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DC16100_2_00DC1610
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D417200_2_00D41720
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2D8800_2_00D2D880
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D5B8500_2_00D5B850
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DB38400_2_00DB3840
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2B9C70_2_00D2B9C7
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2B9FF0_2_00D2B9FF
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2B9E30_2_00D2B9E3
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D379B00_2_00D379B0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2BADF0_2_00D2BADF
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2BAC30_2_00D2BAC3
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D7BAF00_2_00D7BAF0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2BAFB0_2_00D2BAFB
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2BA8B0_2_00D2BA8B
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DB3AB00_2_00DB3AB0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2BAA70_2_00D2BAA7
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2BA530_2_00D2BA53
Source: C:\Users\user\Desktop\uo9m.exeCode function: String function: 00DBA430 appears 44 times
Source: C:\Users\user\Desktop\uo9m.exeCode function: String function: 00DBA790 appears 43 times
Source: C:\Users\user\Desktop\uo9m.exeCode function: String function: 00DBE1A0 appears 32 times
Source: C:\Users\user\Desktop\uo9m.exeCode function: String function: 00DBA050 appears 98 times
Source: uo9m.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED
Source: classification engineClassification label: mal64.evad.winEXE@1/0@11/1
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D811A0 memset,GetModuleHandleW,FormatMessageW,GetLastError,0_2_00D811A0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D29790 CreateToolhelp32Snapshot,memset,Process32FirstW,memcpy,memcpy,Process32NextW,CloseHandle,GetCurrentProcessId,DebugActiveProcess,GetCurrentProcess,TerminateProcess,CloseHandle,CloseHandle,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,DebugActiveProcess,GetCurrentProcess,TerminateProcess,0_2_00D29790
Source: C:\Users\user\Desktop\uo9m.exeMutant created: \Sessions\1\BaseNamedObjects\TestyFlamingo
Source: uo9m.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\uo9m.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeFile read: C:\Users\user\Desktop\uo9m.exeJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: webio.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: uo9m.exeStatic file information: File size 799014912 > 1048576
Source: uo9m.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D27A40 CreateTimerQueue,CreateEventW,GetModuleHandleA,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,CreateEventW,WaitForSingleObject,SetEvent,DeleteTimerQueue,0_2_00D27A40
Source: uo9m.exeStatic PE information: section name: .eh_fram
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00DD6D50 push eax; mov dword ptr [esp], esi0_2_00DD6DF1
Source: C:\Users\user\Desktop\uo9m.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior

Malware Analysis System Evasion

barindex
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: uo9m.exe, 00000000.00000002.2195643216.0000000000680000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: IDAG.EXE
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D29790 CreateToolhelp32Snapshot,memset,Process32FirstW,memcpy,memcpy,Process32NextW,CloseHandle,GetCurrentProcessId,DebugActiveProcess,GetCurrentProcess,TerminateProcess,CloseHandle,CloseHandle,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,DebugActiveProcess,GetCurrentProcess,TerminateProcess,0_2_00D29790
Source: C:\Users\user\Desktop\uo9m.exeAPI coverage: 3.1 %
Source: C:\Users\user\Desktop\uo9m.exe TID: 7596Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D7E620 CloseHandle,memset,FindFirstFileExW,FindClose,0_2_00D7E620
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D7CEA0 memcpy,memcpy,memset,FindFirstFileExW,memcpy,GetLastError,FindClose,DeleteFileW,GetLastError,0_2_00D7CEA0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D61750 GetSystemInfo,0_2_00D61750
Source: uo9m.exe, 00000000.00000003.1923931265.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2195643216.000000000070D000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\uo9m.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D29790 CreateToolhelp32Snapshot,memset,Process32FirstW,memcpy,memcpy,Process32NextW,CloseHandle,GetCurrentProcessId,DebugActiveProcess,GetCurrentProcess,TerminateProcess,CloseHandle,CloseHandle,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,DebugActiveProcess,GetCurrentProcess,TerminateProcess,0_2_00D29790
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D27A40 CreateTimerQueue,CreateEventW,GetModuleHandleA,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,CreateEventW,WaitForSingleObject,SetEvent,DeleteTimerQueue,0_2_00D27A40
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2E250 GetProcessHeap,HeapFree,RtlFreeHeap,0_2_00D2E250
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2116A Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,_cexit,_initterm,0_2_00D2116A
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D5FE60 AddVectoredExceptionHandler,RtlAddVectoredExceptionHandler,SetThreadStackGuarantee,GetCurrentThread,SetThreadDescription,SetThreadDescription,0_2_00D5FE60
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D27F50 memset,GetModuleHandleA,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,AddVectoredExceptionHandler,RtlAddVectoredExceptionHandler,NtQueryInformationProcess,NtQuerySystemInformation,NtOpenThread,NtGetContextThread,NtSetContextThread,NtClose,0_2_00D27F50
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D21187 Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,__initenv,0_2_00D21187
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D21160 Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,__initenv,0_2_00D21160
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D21319 SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,__initenv,_amsg_exit,_initterm,0_2_00D21319
Source: C:\Users\user\Desktop\uo9m.exeMemory allocated: page read and write | page guardJump to behavior

HIPS / PFW / Operating System Protection Evasion

barindex
LummaC encrypted strings found
Source: uo9m.exeString found in binary or memory: truculengisau.biz
Source: uo9m.exeString found in binary or memory: punishzement.biz
Source: uo9m.exeString found in binary or memory: spookycappy.biz
Source: uo9m.exeString found in binary or memory: marketlumpe.biz
Source: uo9m.exeString found in binary or memory: nuttyshopr.biz
Source: uo9m.exeString found in binary or memory: grandiouseziu.biz
Source: uo9m.exeString found in binary or memory: littlenotii.biz
Source: uo9m.exeString found in binary or memory: fraggielek.biz
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D2E4D0 cpuid 0_2_00D2E4D0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D76F90 GetSystemTimePreciseAsFileTime,0_2_00D76F90
Source: C:\Users\user\Desktop\uo9m.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D8E0F0 bind,listen,WSAGetLastError,closesocket,0_2_00D8E0F0
Source: C:\Users\user\Desktop\uo9m.exeCode function: 0_2_00D8E4A0 bind,WSAGetLastError,closesocket,0_2_00D8E4A0

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Native API		1
DLL Side-Loading		1
DLL Side-Loading		1
Virtualization/Sandbox Evasion		OS Credential Dumping1
System Time Discovery		Remote Services1
Archive Collected Data		21
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
PowerShell		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Disable or Modify Tools		LSASS Memory1
Query Registry		Remote Desktop ProtocolData from Removable Media2
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
Deobfuscate/Decode Files or Information		Security Account Manager121
Security Software Discovery		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook3
Obfuscated Files or Information		NTDS1
Virtualization/Sandbox Evasion		Distributed Component Object ModelInput Capture13
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets2
Process Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
File and Directory Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync14
System Information Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://littlenotii.biz/api100%Avira URL Cloudmalware
https://truculengisau.biz/api100%Avira URL Cloudmalware
https://misha-lomonosov.com/2100%Avira URL Cloudmalware
https://fraggielek.biz/apiMr100%Avira URL Cloudmalware
https://misha-lomonosov.com/api100%Avira URL Cloudmalware
https://spookycappy.biz/apii100%Avira URL Cloudmalware
https://punishzement.biz/api100%Avira URL Cloudmalware
https://marketlumpe.biz/api5t100%Avira URL Cloudmalware
https://misha-lomonosov.com/100%Avira URL Cloudmalware

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
steamcommunity.com
23.197.127.21
truefalse
    		high
    littlenotii.biz
    		unknown
    		unknowntrue
      		unknown
      fraggielek.biz
      		unknown
      		unknowntrue
        		unknown
        nuttyshopr.biz
        		unknown
        		unknowntrue
          		unknown
          grandiouseziu.biz
          		unknown
          		unknowntrue
            		unknown
            marketlumpe.biz
            		unknown
            		unknowntrue
              		unknown
              misha-lomonosov.com
              		unknown
              		unknownfalse
                		unknown
                spookycappy.biz
                		unknown
                		unknowntrue
                  		unknown
                  truculengisau.biz
                  		unknown
                  		unknowntrue
                    		unknown
                    punishzement.biz
                    		unknown
                    		unknowntrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://steamcommunity.com/profiles/76561199724331900false
                        		high

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://steamcommunity.com/my/wishlist/uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pnguo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://player.vimeo.comuo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&ampuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://steamcommunity.com/?subsection=broadcastsuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://steamcommunity.com/profiles/76561199724331900#uo9m.exe, 00000000.00000002.2195643216.0000000000688000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://help.steampowered.com/en/uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://steamcommunity.com/market/uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://store.steampowered.com/news/uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://docs.rs/getrandom#nodejs-es-module-supportuo9m.exefalse
                                              		high
                                              https://store.steampowered.com/subscriber_agreement/uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://www.gstatic.cn/recaptcha/uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://store.steampowered.com/subscriber_agreement/uo9m.exe, 00000000.00000002.2196703768.0000000003281000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://littlenotii.biz/apiuo9m.exe, 00000000.00000002.2195786323.0000000000734000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: malware
                                                    		unknown
                                                    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orguo9m.exe, 00000000.00000002.2196703768.0000000003281000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://spookycappy.biz/apiiuo9m.exe, 00000000.00000002.2195786323.0000000000734000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      https://recaptcha.net/recaptcha/;uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://truculengisau.biz/apiuo9m.exe, 00000000.00000002.2195786323.0000000000734000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: malware
                                                        		unknown
                                                        https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=Eq36AUaEgab8&l=enuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://www.valvesoftware.com/legal.htmuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://steamcommunity.com/discussions/uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.youtube.comuo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.google.comuo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://store.steampowered.com/stats/uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://medal.tvuo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://broadcast.st.dl.eccdnx.comuo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pnguo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&auo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://store.steampowered.com/steam_refunds/uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://misha-lomonosov.com/2uo9m.exe, 00000000.00000003.1923931265.0000000000771000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: malware
                                                                                        		unknown
                                                                                        https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://misha-lomonosov.com/apiuo9m.exe, 00000000.00000003.1923931265.0000000000771000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: malware
                                                                                          		unknown
                                                                                          https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=euo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engluo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://steamcommunity.com/%suo9m.exe, 00000000.00000002.2195786323.0000000000734000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englisuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://s.ytimg.com;uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://steamcommunity.com/workshop/uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://login.steampowered.com/uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbbuo9m.exe, 00000000.00000003.1923931265.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_cuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://store.steampowered.com/legal/uo9m.exe, 00000000.00000002.2196703768.0000000003281000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://community.fastly.steamstatic.com/uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://steam.tv/uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=enuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=enguo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://misha-lomonosov.com/uo9m.exe, 00000000.00000003.1923931265.0000000000771000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: malware
                                                                                                                            		unknown
                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=enuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=BFN_uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&auo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engluo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://store.steampowered.com/privacy_agreement/uo9m.exe, 00000000.00000002.2196703768.0000000003281000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://fraggielek.biz/apiMruo9m.exe, 00000000.00000002.2195786323.0000000000734000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                      		unknown
                                                                                                                                      https://store.steampowered.com/points/shop/uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://recaptcha.netuo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://store.steampowered.com/uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&auo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://sketchfab.comuo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://lv.queniujq.cnuo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pnguo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://steamcommunity.com/profiles/76561199724331900/inventory/uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://www.youtube.com/uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://127.0.0.1:27060uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpguo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923894784.0000000003268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://store.steampowered.com/privacy_agreement/uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=enguo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gifuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=M_FULq_Auo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://marketlumpe.biz/api5tuo9m.exe, 00000000.00000002.2195786323.0000000000734000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                                                    		unknown
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&amuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://www.google.com/recaptcha/uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://checkout.steampowered.com/uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&ampuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://help.steampowered.com/uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://api.steampowered.com/uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://store.steampowered.com/account/cookiepreferences/uo9m.exe, 00000000.00000002.2196703768.0000000003281000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://store.steampowered.com/mobileuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://punishzement.biz/apiuo9m.exe, 00000000.00000002.2195786323.0000000000734000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      https://steamcommunity.com/uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923931265.0000000000732000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://store.steampowered.com/;uo9m.exe, 00000000.00000003.1923931265.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2195786323.0000000000763000.00000004.00000020.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=iUcMsAN_acD6&l=euo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://store.steampowered.com/about/uo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&luo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000002.2196682769.0000000003240000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://steamcommunity.com/profiles/76561199724331900/badgesuo9m.exe, 00000000.00000003.1923894784.000000000326A000.00000004.00000800.00020000.00000000.sdmp, uo9m.exe, 00000000.00000003.1923894784.0000000003268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high

                                                                                                                                                                                                  World Map of Contacted IPs

                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                  • 75% < No. of IPs

                                                                                                                                                                                                  Public IPs

                                                                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                  23.197.127.21
                                                                                                                                                                                                  		steamcommunity.comUnited States
                                                                                                                                                                                                  		20940AKAMAI-ASN1EUfalse

                                                                                                                                                                                                  General Information

                                                                                                                                                                                                  Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                  Analysis ID:1590280
                                                                                                                                                                                                  Start date and time:2025-01-13 21:48:20 +01:00
                                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                                  Overall analysis duration:0h 8m 13s
                                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                                  Report type:full
                                                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                  Run name:Run with higher sleep bypass
                                                                                                                                                                                                  Number of analysed new started processes analysed:6
                                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                                  Technologies:
                                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                                  Sample name:uo9m.exe
                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                  Classification:mal64.evad.winEXE@1/0@11/1
                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                  • Number of executed functions: 15
                                                                                                                                                                                                  • Number of non-executed functions: 126
                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                                  • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                                                                                                                                                                                                  • Stop behavior analysis, all processes terminated

                                                                                                                                                                                                  Warnings

                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45
                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                                  Simulations

                                                                                                                                                                                                  Behavior and APIs

                                                                                                                                                                                                  No simulations

                                                                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                                                                  IPs

                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                  23.197.127.21http://steamcomunity.aiq.ru/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • steamcommunity.com/

                                                                                                                                                                                                  Domains

                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                  steamcommunity.comL7GNkeVm5e.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  NDWffRLk7z.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  g3toRYa6JE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  lBb4XI4eGD.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  UWYXurYZ2x.exeGet hashmaliciousLummaC, Amadey, Babadeda, DanaBot, KeyLogger, LummaC Stealer, Poverty StealerBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  TBI87y49f9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  H5JVfa61AV.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  2EG0jAmtY6.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254
                                                                                                                                                                                                  rii2.mp3.htaGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 104.102.49.254

                                                                                                                                                                                                  ASNs

                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                  AKAMAI-ASN1EUhttps://timecusa-my.sharepoint.com/:f:/p/stephensw/Erq5TMDIJBVBvh6vbWmpurEB4UwHKTW8nzSkPE2Ckmvugg?e=SepTcTGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                  • 2.16.168.113
                                                                                                                                                                                                  Handler.exeGet hashmaliciousDanaBot, VidarBrowse
                                                                                                                                                                                                  • 23.44.203.172
                                                                                                                                                                                                  phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 2.16.168.102
                                                                                                                                                                                                  JUbmpeT.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                  • 23.48.224.229
                                                                                                                                                                                                  Cardfactory Executed Agreement DocsID- Sign & Review..emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                  • 2.16.168.101
                                                                                                                                                                                                  ACC NUM - D0278.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 2.16.168.119
                                                                                                                                                                                                  https://bnbswap.lakshmi.trading/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 23.215.17.144
                                                                                                                                                                                                  http://ledger-recovery.co.uk/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 95.101.148.20
                                                                                                                                                                                                  3.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 23.221.74.103
                                                                                                                                                                                                  3bSDIpSIdF.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 23.200.0.9

                                                                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                  a0e9f5d64349fb13191bc781f81f42e1YYYY-NNN AUDIT DETAIL REPORT .docxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 23.197.127.21
                                                                                                                                                                                                  msit.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                  • 23.197.127.21
                                                                                                                                                                                                  tesr.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                  • 23.197.127.21
                                                                                                                                                                                                  WSLRT.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                  • 23.197.127.21
                                                                                                                                                                                                  msit.msiGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                  • 23.197.127.21
                                                                                                                                                                                                  PCB - Lyell Highway Upgrades Queenstown to Strahan - March 2021.XLSMGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 23.197.127.21
                                                                                                                                                                                                  PCB - Lyell Highway Upgrades Queenstown to Strahan - March 2021.XLSMGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  • 23.197.127.21
                                                                                                                                                                                                  L7GNkeVm5e.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                  • 23.197.127.21

                                                                                                                                                                                                  Dropped Files

                                                                                                                                                                                                  No context

                                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                                  No created / dropped files found

                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                  General

                                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                  Entropy (8bit):0.029844611142384448
                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.53%
                                                                                                                                                                                                  • InstallShield setup (43055/19) 0.43%
                                                                                                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                  File name:uo9m.exe
                                                                                                                                                                                                  File size:799'014'912 bytes
                                                                                                                                                                                                  MD5:a83802ca265a8d7d66f7307bf4f16367
                                                                                                                                                                                                  SHA1:0d4d784f97301527064dc66420cc136132df3337
                                                                                                                                                                                                  SHA256:cfab22760406b5b89f3f810702fd736306caa091dba036b8b9ffe206f415e794
                                                                                                                                                                                                  SHA512:840aa02c0bac4ef8436dfbd36f1d5d384efa3ff1eaa5012f92b9337eade110ac526163935df7d7e8326e6b5b51b06718e7642b79d5ed6c66bf8cdb6e1f609479
                                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                                  TLSH:
                                                                                                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....0.;.h..[.....&....*..........................@..........................0......:.....@... ............................

                                                                                                                                                                                                  File Icon

                                                                                                                                                                                                  Icon Hash:29226ee6b692c62f

                                                                                                                                                                                                  Static PE Info

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Entrypoint:0x4013e0
                                                                                                                                                                                                  Entrypoint Section:.text
                                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE, DEBUG_STRIPPED
                                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                                                                  Time Stamp:0x3BE130B9 [Thu Nov 1 11:23:37 2001 UTC]
                                                                                                                                                                                                  TLS Callbacks:0x46d530, 0x4ba960, 0x4ba910, 0x4b5f40
                                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                                  OS Version Major:4
                                                                                                                                                                                                  OS Version Minor:0
                                                                                                                                                                                                  File Version Major:4
                                                                                                                                                                                                  File Version Minor:0
                                                                                                                                                                                                  Subsystem Version Major:4
                                                                                                                                                                                                  Subsystem Version Minor:0
                                                                                                                                                                                                  Import Hash:870017c0621e77ae427bc42242f26bc8

                                                                                                                                                                                                  Entrypoint Preview

                                                                                                                                                                                                  Instruction
                                                                                                                                                                                                  mov dword ptr [00560234h], 00000001h
                                                                                                                                                                                                  jmp 00007F5D4CDFB7B6h
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  mov dword ptr [00560234h], 00000000h
                                                                                                                                                                                                  jmp 00007F5D4CDFB7A6h
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  sub esp, 1Ch
                                                                                                                                                                                                  mov eax, dword ptr [esp+20h]
                                                                                                                                                                                                  mov dword ptr [esp], eax
                                                                                                                                                                                                  call 00007F5D4CEB4D86h
                                                                                                                                                                                                  cmp eax, 01h
                                                                                                                                                                                                  sbb eax, eax
                                                                                                                                                                                                  add esp, 1Ch
                                                                                                                                                                                                  ret
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                                                  sub esp, 08h
                                                                                                                                                                                                  lea ecx, dword ptr [00546104h]
                                                                                                                                                                                                  lea eax, dword ptr [00560020h]
                                                                                                                                                                                                  mov dword ptr [esp], ecx
                                                                                                                                                                                                  mov dword ptr [esp+04h], eax
                                                                                                                                                                                                  call 00007F5D4CEAEDF7h
                                                                                                                                                                                                  add esp, 08h
                                                                                                                                                                                                  pop ebp
                                                                                                                                                                                                  ret
                                                                                                                                                                                                  nop word ptr [eax+eax+00000000h]
                                                                                                                                                                                                  nop dword ptr [eax]
                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                                                  sub esp, 08h
                                                                                                                                                                                                  lea ecx, dword ptr [00546104h]
                                                                                                                                                                                                  lea eax, dword ptr [00560020h]
                                                                                                                                                                                                  mov dword ptr [esp], ecx
                                                                                                                                                                                                  mov dword ptr [esp+04h], eax
                                                                                                                                                                                                  call 00007F5D4CEAF057h
                                                                                                                                                                                                  add esp, 08h
                                                                                                                                                                                                  pop ebp
                                                                                                                                                                                                  ret
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  nop
                                                                                                                                                                                                  push ebp
                                                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                                                  mov eax, dword ptr [ebp+0Ch]
                                                                                                                                                                                                  mov edx, dword ptr [eax+14h]
                                                                                                                                                                                                  test dl, 00000010h
                                                                                                                                                                                                  jne 00007F5D4CDFBA56h
                                                                                                                                                                                                  mov ecx, dword ptr [ebp+08h]
                                                                                                                                                                                                  test dl, 00000020h
                                                                                                                                                                                                  jne 00007F5D4CDFBA54h
                                                                                                                                                                                                  push eax
                                                                                                                                                                                                  push ecx
                                                                                                                                                                                                  call 00007F5D4CEA3F28h
                                                                                                                                                                                                  add esp, 08h
                                                                                                                                                                                                  pop ebp
                                                                                                                                                                                                  ret
                                                                                                                                                                                                  pop ebp
                                                                                                                                                                                                  jmp 00007F5D4CEA324Dh

                                                                                                                                                                                                  Data Directories

                                                                                                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x1610000x1c0c.idata
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x1650000x6c0c.rsrc
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x16c0000x68fc.reloc
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x1455e40x18.rdata
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x1614a40x3b4.idata
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                  Sections

                                                                                                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                  .text0x10000xbe4800xbe60014afe16819cefb456a57dfbb261bfa84False0.5144246552856205data6.536835421663965IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                  .data0xc00000x6a40x800b0a386aff6633dee36d56775aea5f680False0.103515625data0.8174171019176437IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                  .rdata0xc10000x848a80x84a00a0b17314fc2d598b41e4a0eb92ddfd0bFalse0.748982018732328data7.707327915600917IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                  .eh_fram0x1460000x19e380x1a0008212dba1448bfaca52fe84c1c28105b3False0.32677283653846156data5.083061671706065IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                  .bss0x1600000x2700x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                  .idata0x1610000x1c0c0x1e00d92df5b41991508676da4070bcda8775False0.31940104166666666SysEx File - Oberheim5.017837839075456IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                  .CRT0x1630000x380x20096ef153fd5ad30b3f2dac280a614d5fdFalse0.078125data0.33445688494273207IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                  .tls0x1640000x80x200bf619eac0cdf3f68d496ea9344137e8bFalse0.02734375data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                  .rsrc0x1650000x6c0c0x6e00afb169a073748710747c9549937b7fb8False0.5189630681818181data5.960924050488915IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                  .reloc0x16c0000x68fc0x6a008ea008d8151b2c3d348cef8e65b3146eFalse0.7341907429245284data6.631303672357615IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                  Resources

                                                                                                                                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                  RT_ICON0x1652b00x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.23902439024390243
                                                                                                                                                                                                  RT_ICON0x1659180x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.38306451612903225
                                                                                                                                                                                                  RT_ICON0x165c000x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.597972972972973
                                                                                                                                                                                                  RT_ICON0x165d280xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.6084754797441365
                                                                                                                                                                                                  RT_ICON0x166bd00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.8172382671480144
                                                                                                                                                                                                  RT_ICON0x1674780x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.7276011560693642
                                                                                                                                                                                                  RT_ICON0x1679e00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.4179460580912863
                                                                                                                                                                                                  RT_ICON0x169f880x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.6719043151969981
                                                                                                                                                                                                  RT_ICON0x16b0300x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.8315602836879432
                                                                                                                                                                                                  RT_GROUP_ICON0x16b4980x84dataEnglishUnited States0.6363636363636364
                                                                                                                                                                                                  RT_VERSION0x16b51c0x228dataEnglishUnited States0.4891304347826087
                                                                                                                                                                                                  RT_MANIFEST0x16b7440x4c7exported SGML document, ASCII textEnglishUnited States0.4145543744889616

                                                                                                                                                                                                  Imports

                                                                                                                                                                                                  DLLImport
                                                                                                                                                                                                  ntdll.dllNtGetContextThread, NtOpenThread, NtSetContextThread
                                                                                                                                                                                                  advapi32.dllGetTokenInformation, OpenProcessToken, SystemFunction036
                                                                                                                                                                                                  bcrypt.dllBCryptGenRandom
                                                                                                                                                                                                  kernel32.dllAddVectoredExceptionHandler, CancelIo, CloseHandle, CompareStringOrdinal, CopyFileExW, CreateDirectoryW, CreateEventW, CreateFileMappingA, CreateFileW, CreateHardLinkW, CreateMutexA, CreateNamedPipeW, CreatePipe, CreateProcessW, CreateSymbolicLinkW, CreateThread, CreateTimerQueue, CreateToolhelp32Snapshot, CreateWaitableTimerExW, DebugActiveProcess, DeleteFileW, DeleteProcThreadAttributeList, DeleteTimerQueue, DeviceIoControl, DuplicateHandle, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FormatMessageW, FreeEnvironmentStringsW, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesW, GetFileInformationByHandle, GetFileInformationByHandleEx, GetFileType, GetFinalPathNameByHandleW, GetFullPathNameW, GetLastError, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOverlappedResult, GetProcAddress, GetProcessHeap, GetProcessId, GetStdHandle, GetSystemDirectoryW, GetSystemInfo, GetSystemTimePreciseAsFileTime, GetTempPathW, GetWindowsDirectoryW, HeapAlloc, HeapCreate, HeapFree, HeapReAlloc, InitOnceBeginInitialize, InitOnceComplete, InitializeProcThreadAttributeList, LoadLibraryA, LockFileEx, MapViewOfFile, Module32FirstW, Module32NextW, MultiByteToWideChar, Process32FirstW, Process32NextW, QueryPerformanceCounter, QueryPerformanceFrequency, ReadConsoleW, ReadFile, ReadFileEx, ReleaseMutex, RemoveDirectoryW, RtlCaptureContext, SetCurrentDirectoryW, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFileInformationByHandle, SetFilePointerEx, SetFileTime, SetHandleInformation, SetLastError, SetThreadStackGuarantee, SetUnhandledExceptionFilter, SetWaitableTimer, Sleep, SleepEx, SwitchToThread, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnlockFile, UnmapViewOfFile, UpdateProcThreadAttribute, WaitForMultipleObjects, WaitForSingleObject, WaitForSingleObjectEx, WideCharToMultiByte, WriteConsoleW, WriteFileEx, lstrlenW
                                                                                                                                                                                                  ntdll.dllNtClose, NtOpenFile, NtQueryInformationProcess, NtQuerySystemInformation, NtReadFile, NtWriteFile, RtlNtStatusToDosError
                                                                                                                                                                                                  userenv.dllGetUserProfileDirectoryW
                                                                                                                                                                                                  ws2_32.dllWSACleanup, WSADuplicateSocketW, WSAGetLastError, WSARecv, WSASend, WSASocketW, WSAStartup, accept, bind, closesocket, connect, freeaddrinfo, getaddrinfo, getpeername, getsockname, getsockopt, ioctlsocket, listen, recv, recvfrom, select, send, sendto, setsockopt, shutdown
                                                                                                                                                                                                  api-ms-win-core-synch-l1-2-0.dllWaitOnAddress, WakeByAddressAll, WakeByAddressSingle
                                                                                                                                                                                                  bcryptprimitives.dllProcessPrng
                                                                                                                                                                                                  KERNEL32.dllCreateEventA, CreateSemaphoreA, DeleteCriticalSection, EnterCriticalSection, GetCurrentThreadId, GetHandleInformation, GetProcessAffinityMask, GetSystemTimeAsFileTime, GetThreadContext, GetThreadPriority, GetTickCount, InitializeCriticalSection, IsDebuggerPresent, LeaveCriticalSection, OpenProcess, OutputDebugStringA, RaiseException, ReleaseSemaphore, ResetEvent, ResumeThread, SetProcessAffinityMask, SetThreadContext, SetThreadPriority, SuspendThread, TryEnterCriticalSection, VirtualProtect, VirtualQuery
                                                                                                                                                                                                  msvcrt.dll__getmainargs, __initenv, __p__commode, __p__fmode, __set_app_type, __setusermatherr, _amsg_exit, _beginthreadex, _cexit, _commode, _endthreadex, _errno, _exit, _fmode, _fpreset, _initterm, _iob, _onexit, _setjmp3, _strdup, _vsnprintf, abort, calloc, exit, fprintf, free, fwrite, longjmp, malloc, memcmp, memcpy, memmove, memset, printf, realloc, signal, strlen, strncmp, vfprintf

                                                                                                                                                                                                  Possible Origin

                                                                                                                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                  EnglishUnited States

                                                                                                                                                                                                  Network Behavior

                                                                                                                                                                                                  Suricata IDS Alerts

                                                                                                                                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                  2025-01-13T21:49:35.327874+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.44973123.197.127.21443TCP
                                                                                                                                                                                                  2025-01-13T21:49:35.950360+01002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.44973123.197.127.21443TCP

                                                                                                                                                                                                  Network Port Distribution

                                                                                                                                                                                                  TCP Packets

                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.674621105 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.674724102 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.674802065 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.678911924 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.678952932 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.327728033 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.327873945 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.334722042 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.334752083 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.335073948 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.379550934 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.467123985 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.507330894 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.950355053 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.950376034 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.950412035 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.950427055 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.950428963 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.950459957 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.950478077 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.950495005 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:35.950517893 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.033955097 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.034003973 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.034035921 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.034076929 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.034122944 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.052323103 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.052386999 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.052426100 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.052423954 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.052470922 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.054680109 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.054701090 CET4434973123.197.127.21192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.054722071 CET49731443192.168.2.423.197.127.21
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.054728031 CET4434973123.197.127.21192.168.2.4

                                                                                                                                                                                                  UDP Packets

                                                                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.560789108 CET6513453192.168.2.41.1.1.1
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.570327044 CET53651341.1.1.1192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.574959993 CET5711453192.168.2.41.1.1.1
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.584358931 CET53571141.1.1.1192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.585494041 CET6052553192.168.2.41.1.1.1
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.593867064 CET53605251.1.1.1192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.595487118 CET5019553192.168.2.41.1.1.1
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.604391098 CET53501951.1.1.1192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.609302044 CET5166753192.168.2.41.1.1.1
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.618798971 CET53516671.1.1.1192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.622479916 CET5937553192.168.2.41.1.1.1
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.631232977 CET53593751.1.1.1192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.633290052 CET6351453192.168.2.41.1.1.1
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.641906023 CET53635141.1.1.1192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.643944979 CET5519653192.168.2.41.1.1.1
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.653342962 CET53551961.1.1.1192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.659301996 CET5392553192.168.2.41.1.1.1
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.666135073 CET53539251.1.1.1192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.059969902 CET6216953192.168.2.41.1.1.1
                                                                                                                                                                                                  Jan 13, 2025 21:49:37.067166090 CET6216953192.168.2.41.1.1.1
                                                                                                                                                                                                  Jan 13, 2025 21:49:37.423036098 CET53621691.1.1.1192.168.2.4
                                                                                                                                                                                                  Jan 13, 2025 21:49:37.423122883 CET53621691.1.1.1192.168.2.4

                                                                                                                                                                                                  DNS Queries

                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.560789108 CET192.168.2.41.1.1.10xdf76Standard query (0)truculengisau.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.574959993 CET192.168.2.41.1.1.10x24b9Standard query (0)fraggielek.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.585494041 CET192.168.2.41.1.1.10xf6c0Standard query (0)grandiouseziu.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.595487118 CET192.168.2.41.1.1.10xf8feStandard query (0)littlenotii.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.609302044 CET192.168.2.41.1.1.10xac65Standard query (0)marketlumpe.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.622479916 CET192.168.2.41.1.1.10xa49fStandard query (0)nuttyshopr.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.633290052 CET192.168.2.41.1.1.10x54f6Standard query (0)punishzement.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.643944979 CET192.168.2.41.1.1.10x97f8Standard query (0)spookycappy.bizA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.659301996 CET192.168.2.41.1.1.10x1a05Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:36.059969902 CET192.168.2.41.1.1.10xd1f6Standard query (0)misha-lomonosov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:37.067166090 CET192.168.2.41.1.1.10xd1f6Standard query (0)misha-lomonosov.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                  DNS Answers

                                                                                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.570327044 CET1.1.1.1192.168.2.40xdf76Name error (3)truculengisau.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.584358931 CET1.1.1.1192.168.2.40x24b9Name error (3)fraggielek.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.593867064 CET1.1.1.1192.168.2.40xf6c0Name error (3)grandiouseziu.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.604391098 CET1.1.1.1192.168.2.40xf8feName error (3)littlenotii.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.618798971 CET1.1.1.1192.168.2.40xac65Name error (3)marketlumpe.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.631232977 CET1.1.1.1192.168.2.40xa49fName error (3)nuttyshopr.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.641906023 CET1.1.1.1192.168.2.40x54f6Name error (3)punishzement.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.653342962 CET1.1.1.1192.168.2.40x97f8Name error (3)spookycappy.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:34.666135073 CET1.1.1.1192.168.2.40x1a05No error (0)steamcommunity.com23.197.127.21A (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:37.423036098 CET1.1.1.1192.168.2.40xd1f6Server failure (2)misha-lomonosov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                  Jan 13, 2025 21:49:37.423122883 CET1.1.1.1192.168.2.40xd1f6Server failure (2)misha-lomonosov.comnonenoneA (IP address)IN (0x0001)false

                                                                                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                                                                                  • steamcommunity.com

                                                                                                                                                                                                  HTTPS Proxied Packets

                                                                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                  0192.168.2.44973123.197.127.214437412C:\Users\user\Desktop\uo9m.exe
                                                                                                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                                                                                                  2025-01-13 20:49:35 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                  Host: steamcommunity.com
                                                                                                                                                                                                  2025-01-13 20:49:35 UTC1905INHTTP/1.1 200 OK
                                                                                                                                                                                                  Server: nginx
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                  Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                  Cache-Control: no-cache
                                                                                                                                                                                                  Date: Mon, 13 Jan 2025 20:49:35 GMT
                                                                                                                                                                                                  Content-Length: 35141
                                                                                                                                                                                                  Connection: close
                                                                                                                                                                                                  Set-Cookie: sessionid=6ea142275864432a1ee55dcb; Path=/; Secure; SameSite=None
                                                                                                                                                                                                  Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                  2025-01-13 20:49:35 UTC14479INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                                                  Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                                                  2025-01-13 20:49:36 UTC10097INData Raw: 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a
                                                                                                                                                                                                  Data Ascii: eamcommunity.com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">
                                                                                                                                                                                                  2025-01-13 20:49:36 UTC10565INData Raw: 2c 26 71 75 6f 74 3b 57 45 42 5f 55 4e 49 56 45 52 53 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 70 75 62 6c 69 63 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4c 41 4e 47 55 41 47 45 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 65 6e 67 6c 69 73 68 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 43 4f 55 4e 54 52 59 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 55 53 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 43 4f 4d 4d 55 4e 49 54 59 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 63 64 6e 2e 66 61 73 74 6c 79 2e 73 74 65 61 6d 73 74 61 74 69 63 2e 63 6f 6d 5c 2f 73 74 65 61 6d 63 6f 6d 6d 75 6e 69 74 79 5c 2f 70 75 62 6c 69 63 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 4d 45 44 49 41 5f 43 44 4e 5f 55 52 4c 26 71 75 6f
                                                                                                                                                                                                  Data Ascii: ,&quot;WEB_UNIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quo


                                                                                                                                                                                                  Statistics

                                                                                                                                                                                                  CPU Usage

                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                  Memory Usage

                                                                                                                                                                                                  Click to jump to process

                                                                                                                                                                                                  System Behavior

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                  Start time:15:49:22
                                                                                                                                                                                                  Start date:13/01/2025
                                                                                                                                                                                                  Path:C:\Users\user\Desktop\uo9m.exe
                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                  Commandline:"C:\Users\user\Desktop\uo9m.exe"
                                                                                                                                                                                                  Imagebase:0xd20000
                                                                                                                                                                                                  File size:799'014'912 bytes
                                                                                                                                                                                                  MD5 hash:A83802CA265A8D7D66F7307BF4F16367
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                  Disassembly

                                                                                                                                                                                                  Reset < >

                                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                                    Execution Coverage:0.6%
                                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                    Signature Coverage:75.1%
                                                                                                                                                                                                    Total number of Nodes:842
                                                                                                                                                                                                    Total number of Limit Nodes:14
                                                                                                                                                                                                    execution_graph 51574 d21319 51575 d21320 51574->51575 51576 d211c2 51575->51576 51577 d21333 _amsg_exit 51575->51577 51578 d213a0 _initterm 51576->51578 51579 d211cf 51576->51579 51580 d2134d _initterm 51577->51580 51582 d211e7 51577->51582 51579->51580 51579->51582 51580->51582 51600 ddac60 51582->51600 51583 d21219 SetUnhandledExceptionFilter 51584 d2123a 51583->51584 51585 d2123f malloc 51584->51585 51586 d21264 51585->51586 51587 d213c8 51585->51587 51588 d21278 strlen malloc memcpy 51586->51588 51588->51588 51589 d212b0 51588->51589 51614 dda8e0 51589->51614 51591 d212c9 51619 d23f20 51591->51619 51594 d21303 51596 d21380 _cexit 51594->51596 51597 d2130d 51594->51597 51595 d213cf 51624 ddb3e0 exit _exit 51595->51624 51599 d213d7 51601 ddac80 51600->51601 51613 ddac73 51600->51613 51602 ddaf08 51601->51602 51604 ddaf47 51601->51604 51609 ddad62 51601->51609 51612 ddae38 51601->51612 51601->51613 51605 ddaf19 51602->51605 51602->51613 51626 ddaaa0 11 API calls 51604->51626 51605->51604 51625 ddab00 11 API calls 51605->51625 51607 ddaf5f 51607->51583 51608 ddaaa0 11 API calls 51608->51609 51609->51601 51609->51608 51610 ddab00 11 API calls 51609->51610 51610->51609 51611 ddae6a VirtualProtect 51611->51612 51612->51611 51612->51613 51613->51583 51615 dda8e9 51614->51615 51616 dda880 51614->51616 51615->51591 51616->51616 51627 d21400 _onexit 51616->51627 51618 dda8b0 51618->51591 51620 dda8e0 _onexit 51619->51620 51621 d23f31 51620->51621 51628 d5fe60 AddVectoredExceptionHandler SetThreadStackGuarantee GetCurrentThread SetThreadDescription 51621->51628 51624->51599 51625->51605 51626->51607 51627->51618 51645 d60440 51628->51645 51630 d5fe9d 51656 d602d0 51630->51656 51633 d5ff11 51686 d6d7e0 182 API calls 51633->51686 51634 d5fec3 51682 d24e10 51634->51682 51637 d212f0 51637->51594 51637->51595 51639 d5ff57 51687 d6d7e0 182 API calls 51639->51687 51641 d5fff5 51642 d5ffaf 51642->51641 51688 d2e250 51642->51688 51646 d6047c 51645->51646 51647 d6044d TlsGetValue 51645->51647 51691 d8d7d0 7 API calls 51646->51691 51648 d60459 51647->51648 51653 d60494 51647->51653 51648->51630 51650 d60486 TlsGetValue 51650->51648 51650->51653 51651 d6049e TlsGetValue 51651->51653 51652 d8d7d0 7 API calls 51652->51653 51653->51651 51653->51652 51654 d604b0 TlsGetValue 51653->51654 51654->51653 51655 d604be 51654->51655 51655->51630 51657 d602f2 TlsGetValue 51656->51657 51658 d603ab 51656->51658 51661 d5febb 51657->51661 51662 d60308 51657->51662 51692 d8d7d0 7 API calls 51658->51692 51661->51633 51661->51634 51663 d60315 TlsGetValue 51662->51663 51693 d8d7d0 7 API calls 51662->51693 51666 d603cf 51663->51666 51667 d6032b TlsGetValue 51663->51667 51694 d8d7d0 7 API calls 51666->51694 51670 d60347 51667->51670 51671 d60351 51667->51671 51670->51661 51674 d60396 TlsSetValue 51670->51674 51695 d8d7d0 7 API calls 51670->51695 51672 d6035e TlsSetValue 51671->51672 51696 d8d7d0 7 API calls 51671->51696 51677 d60402 51672->51677 51678 d60373 TlsSetValue 51672->51678 51674->51661 51697 d8d7d0 7 API calls 51677->51697 51678->51670 51698 d26fe0 51682->51698 51685 d8ce60 WaitOnAddress GetLastError WakeByAddressAll 51686->51639 51687->51642 51690 d79450 GetProcessHeap HeapFree 51688->51690 51690->51641 51691->51650 51692->51657 51693->51663 51694->51667 51695->51674 51696->51672 51697->51678 51701 d221e0 51698->51701 51699 d24e1d 51699->51637 51699->51685 51997 d29790 51701->51997 51703 d221ee 52361 d29320 51703->52361 51706 d22205 51707 d22241 51706->51707 52571 dae2c0 224 API calls 51706->52571 51708 d22289 CreateMutexA GetLastError 51707->51708 51713 d22247 51707->51713 51709 d2244e 51708->51709 51710 d222a5 51708->51710 51711 d22464 51709->51711 51714 d2e250 2 API calls 51709->51714 52384 d28760 51710->52384 51711->51699 51715 d224e8 51713->51715 51720 d22480 51713->51720 51714->51711 51716 d224e0 51715->51716 51717 d224fd 51715->51717 51716->51715 51725 d2e250 2 API calls 51716->51725 52573 dd2fc0 180 API calls 51717->52573 51718 d222ad 51719 d22375 51718->51719 52403 db16c0 51718->52403 52417 d27a40 CreateTimerQueue 51719->52417 51720->51713 51721 d2e250 2 API calls 51720->51721 51721->51716 51725->51717 51726 d22508 51728 d29790 253 API calls 51726->51728 51731 d22521 51728->51731 51730 d22399 51732 d223a4 memcpy 51730->51732 51733 d2246f 51730->51733 52574 d2d880 224 API calls 51731->52574 51735 d223c0 51732->51735 52572 dad7a9 224 API calls 51733->52572 51734 d222e1 51737 d22343 SetFileAttributesW 51734->51737 51739 d2e250 2 API calls 51734->51739 51735->51735 51740 d27a40 266 API calls 51735->51740 51741 d22360 51737->51741 51742 d22355 51737->51742 51743 d22340 51739->51743 51744 d223e1 51740->51744 51741->51719 51747 d2e250 2 API calls 51741->51747 51745 d2e250 2 API calls 51742->51745 51743->51737 52495 d27f50 memset 51744->52495 51745->51741 51747->51719 51749 d22409 HeapCreate 51750 d2243f 51749->51750 51751 d2241b HeapAlloc 51749->51751 51752 d2e250 2 API calls 51750->51752 51751->51750 51756 d2242c memcpy 51751->51756 51752->51709 51753 d2e250 2 API calls 51760 d2389f 51753->51760 51754 d2392f 51758 d23a6b 51754->51758 51765 d2e250 2 API calls 51754->51765 51755 d2e250 2 API calls 51757 d22406 51755->51757 51756->51750 51757->51749 51759 d23a86 51758->51759 51761 d2e250 2 API calls 51758->51761 51762 d23aa1 51759->51762 51766 d2e250 2 API calls 51759->51766 51760->51754 51763 d2e250 2 API calls 51760->51763 51761->51759 51767 d23abc 51762->51767 51770 d2e250 2 API calls 51762->51770 51763->51754 51764 d22542 51768 d236d6 51764->51768 51771 d29320 231 API calls 51764->51771 51887 d22ba8 51764->51887 51765->51758 51766->51762 51772 d23ad7 51767->51772 51777 d2e250 2 API calls 51767->51777 51769 d236f1 51768->51769 51774 d2e250 2 API calls 51768->51774 51775 d221e0 479 API calls 51769->51775 51770->51767 51776 d22637 51771->51776 51773 d23af2 51772->51773 51778 d2e250 2 API calls 51772->51778 51779 d23b0d 51773->51779 51781 d2e250 2 API calls 51773->51781 51774->51769 51794 d236f9 51775->51794 51780 d29320 231 API calls 51776->51780 51777->51772 51778->51773 51782 d23b23 51779->51782 51784 d2e250 2 API calls 51779->51784 51783 d22654 51780->51783 51781->51779 51785 d23b3e 51782->51785 51790 d2e250 2 API calls 51782->51790 51786 d29320 231 API calls 51783->51786 51784->51782 51787 d23b5d 51785->51787 51792 d2e250 2 API calls 51785->51792 51797 d2266e 51786->51797 52576 d214c0 GetProcessHeap HeapFree 51787->52576 51788 d23721 51791 d2373a 51788->51791 51795 d2e250 2 API calls 51788->51795 51789 d2e250 2 API calls 51789->51794 51790->51785 51791->51699 51792->51787 51794->51788 51794->51789 51795->51791 51796 d23c57 51799 d23c79 51796->51799 51801 d2e250 2 API calls 51796->51801 51798 d29320 231 API calls 51797->51798 51797->51887 51800 d22729 51798->51800 51802 d23c95 51799->51802 51804 d2e250 2 API calls 51799->51804 52575 d28c80 227 API calls 51800->52575 51801->51799 51805 d2e250 2 API calls 51802->51805 51815 d23cc2 51802->51815 51804->51802 51808 d23cb4 51805->51808 52577 d21790 GetProcessHeap HeapFree 51808->52577 51810 d23cd7 51819 d29790 253 API calls 51810->51819 52578 d21790 GetProcessHeap HeapFree 51815->52578 51822 d23cee 51819->51822 52579 d2d880 224 API calls 51822->52579 51833 d29320 231 API calls 51844 d23d09 51833->51844 51836 d23d6d memcmp 51836->51844 51838 d23dad 51845 d221e0 479 API calls 51838->51845 51841 d2e250 2 API calls 51841->51844 51842 d23e12 52580 d21790 GetProcessHeap HeapFree 51842->52580 51844->51833 51844->51836 51844->51838 51844->51841 51844->51842 51853 d23db2 51845->51853 51848 d23dec 51851 d23e02 51848->51851 51854 d2e250 2 API calls 51848->51854 51849 d23e30 52581 d21790 GetProcessHeap HeapFree 51849->52581 51851->51699 51853->51848 51856 d2e250 2 API calls 51853->51856 51854->51851 51856->51853 51859 d23e3d 51887->51753 51887->51760 51998 d29320 231 API calls 51997->51998 51999 d297b3 51998->51999 52000 d29320 231 API calls 51999->52000 52001 d297cd 52000->52001 52002 d29320 231 API calls 52001->52002 52003 d297e7 52002->52003 52004 d29320 231 API calls 52003->52004 52005 d29804 52004->52005 52006 d29320 231 API calls 52005->52006 52007 d29821 52006->52007 52008 d29320 231 API calls 52007->52008 52009 d2983e 52008->52009 52010 d29320 231 API calls 52009->52010 52011 d2985b 52010->52011 52012 d29320 231 API calls 52011->52012 52013 d29878 52012->52013 52014 d29320 231 API calls 52013->52014 52015 d29895 52014->52015 52016 d29320 231 API calls 52015->52016 52017 d298b2 52016->52017 52018 d29320 231 API calls 52017->52018 52019 d298cf 52018->52019 52020 d29320 231 API calls 52019->52020 52021 d298ec 52020->52021 52022 d29320 231 API calls 52021->52022 52023 d29909 52022->52023 52024 d29320 231 API calls 52023->52024 52025 d29926 52024->52025 52026 d29320 231 API calls 52025->52026 52027 d29943 52026->52027 52028 d29320 231 API calls 52027->52028 52029 d29960 52028->52029 52030 d29320 231 API calls 52029->52030 52031 d2997d 52030->52031 52032 d29320 231 API calls 52031->52032 52033 d2999a 52032->52033 52034 d29320 231 API calls 52033->52034 52035 d299b7 52034->52035 52036 d29320 231 API calls 52035->52036 52037 d299d4 52036->52037 52038 d29320 231 API calls 52037->52038 52039 d299f1 52038->52039 52040 d29320 231 API calls 52039->52040 52041 d29a0e 52040->52041 52042 d29320 231 API calls 52041->52042 52043 d29a2b 52042->52043 52044 d29320 231 API calls 52043->52044 52045 d29a48 52044->52045 52046 d29320 231 API calls 52045->52046 52047 d29a65 52046->52047 52048 d29320 231 API calls 52047->52048 52049 d29a82 52048->52049 52050 d29320 231 API calls 52049->52050 52051 d29a9f 52050->52051 52052 d29320 231 API calls 52051->52052 52053 d29abc 52052->52053 52054 d29320 231 API calls 52053->52054 52055 d29ad9 52054->52055 52056 d29320 231 API calls 52055->52056 52057 d29af6 52056->52057 52058 d29320 231 API calls 52057->52058 52059 d29b13 52058->52059 52060 d29320 231 API calls 52059->52060 52061 d29b30 52060->52061 52062 d29320 231 API calls 52061->52062 52063 d29b4d 52062->52063 52064 d29320 231 API calls 52063->52064 52065 d29b6a 52064->52065 52066 d29320 231 API calls 52065->52066 52067 d29b84 52066->52067 52068 d29320 231 API calls 52067->52068 52069 d29b9e 52068->52069 52070 d29320 231 API calls 52069->52070 52071 d29bb8 52070->52071 52072 d29320 231 API calls 52071->52072 52073 d29bd5 CreateToolhelp32Snapshot 52072->52073 52074 d29feb memset Process32FirstW 52073->52074 52078 d2a37f 52073->52078 52075 d2a379 CloseHandle 52074->52075 52090 d2a040 52074->52090 52075->52078 52076 d2b213 52076->51703 52077 d2e250 2 API calls 52077->52078 52078->52076 52078->52077 52081 d2b2b8 52586 dad7a9 224 API calls 52081->52586 52082 d2a23f memcpy 52082->52090 52083 d2e240 2 API calls 52083->52090 52085 d2e250 GetProcessHeap HeapFree 52085->52090 52086 d2b2cf 52089 d2b3cb 52086->52089 52093 d2e250 2 API calls 52086->52093 52087 d2a121 memcpy 52087->52090 52088 d2a2fa Process32NextW 52088->52090 52091 d2a3b8 52088->52091 52092 d2b3e4 52089->52092 52098 d2e250 2 API calls 52089->52098 52090->52081 52090->52082 52090->52083 52090->52085 52090->52087 52090->52088 52094 d2a33c CloseHandle GetCurrentProcessId DebugActiveProcess 52090->52094 52582 d26640 224 API calls 52090->52582 52583 d26d40 225 API calls 52090->52583 52096 d2a3ce CloseHandle 52091->52096 52100 d2e250 2 API calls 52091->52100 52095 d2b3fd 52092->52095 52099 d2e250 2 API calls 52092->52099 52093->52089 52097 d2a357 GetCurrentProcess TerminateProcess 52094->52097 52352 d2b27f 52094->52352 52101 d2b41c 52095->52101 52105 d2e250 2 API calls 52095->52105 52102 d2e240 2 API calls 52096->52102 52097->52078 52103 d2a36b 52097->52103 52098->52092 52099->52095 52104 d2a3cb 52100->52104 52107 d2b43b 52101->52107 52111 d2e250 2 API calls 52101->52111 52106 d2a3ea 52102->52106 52108 d2e250 2 API calls 52103->52108 52104->52096 52105->52101 52109 d2b3a6 52106->52109 52110 d2a3f8 52106->52110 52112 d2b45a 52107->52112 52116 d2e250 2 API calls 52107->52116 52360 d2a374 52108->52360 52587 dad7c4 224 API calls 52109->52587 52114 d29320 231 API calls 52110->52114 52111->52107 52113 d2b479 52112->52113 52117 d2e250 2 API calls 52112->52117 52118 d2b498 52113->52118 52120 d2e250 2 API calls 52113->52120 52119 d2a412 52114->52119 52116->52112 52117->52113 52121 d2b4b7 52118->52121 52123 d2e250 2 API calls 52118->52123 52122 d29320 231 API calls 52119->52122 52120->52118 52124 d2b4d2 52121->52124 52127 d2e250 2 API calls 52121->52127 52125 d2a42f 52122->52125 52123->52121 52126 d2b4ed 52124->52126 52129 d2e250 2 API calls 52124->52129 52128 d29320 231 API calls 52125->52128 52130 d2b508 52126->52130 52132 d2e250 2 API calls 52126->52132 52127->52124 52131 d2a44c 52128->52131 52129->52126 52133 d2b523 52130->52133 52136 d2e250 2 API calls 52130->52136 52134 d29320 231 API calls 52131->52134 52132->52130 52137 d2b53e 52133->52137 52140 d2e250 2 API calls 52133->52140 52135 d2a469 52134->52135 52139 d29320 231 API calls 52135->52139 52136->52133 52138 d2b559 52137->52138 52141 d2e250 2 API calls 52137->52141 52143 d2b574 52138->52143 52145 d2e250 2 API calls 52138->52145 52142 d2a486 52139->52142 52140->52137 52141->52138 52144 d29320 231 API calls 52142->52144 52146 d2b58f 52143->52146 52148 d2e250 2 API calls 52143->52148 52147 d2a4a3 52144->52147 52145->52143 52149 d2b5aa 52146->52149 52152 d2e250 2 API calls 52146->52152 52151 d29320 231 API calls 52147->52151 52148->52146 52150 d2b5c5 52149->52150 52153 d2e250 2 API calls 52149->52153 52154 d2b5e0 52150->52154 52156 d2e250 2 API calls 52150->52156 52155 d2a4c0 52151->52155 52152->52149 52153->52150 52158 d2b5fb 52154->52158 52160 d2e250 2 API calls 52154->52160 52157 d29320 231 API calls 52155->52157 52156->52154 52159 d2a4dd 52157->52159 52161 d2b616 52158->52161 52164 d2e250 2 API calls 52158->52164 52163 d29320 231 API calls 52159->52163 52160->52158 52162 d2b631 52161->52162 52165 d2e250 2 API calls 52161->52165 52166 d2b64c 52162->52166 52168 d2e250 2 API calls 52162->52168 52167 d2a4fa 52163->52167 52164->52161 52165->52162 52169 d2b667 52166->52169 52171 d2e250 2 API calls 52166->52171 52170 d29320 231 API calls 52167->52170 52168->52166 52172 d2b682 52169->52172 52175 d2e250 2 API calls 52169->52175 52173 d2a517 52170->52173 52171->52169 52174 d2b69d 52172->52174 52177 d2e250 2 API calls 52172->52177 52176 d29320 231 API calls 52173->52176 52178 d2b6b8 52174->52178 52180 d2e250 2 API calls 52174->52180 52175->52172 52179 d2a534 52176->52179 52177->52174 52181 d2b6d3 52178->52181 52184 d2e250 2 API calls 52178->52184 52182 d29320 231 API calls 52179->52182 52180->52178 52185 d2b6ee 52181->52185 52188 d2e250 2 API calls 52181->52188 52183 d2a551 52182->52183 52187 d29320 231 API calls 52183->52187 52184->52181 52186 d2b709 52185->52186 52189 d2e250 2 API calls 52185->52189 52191 d2b724 52186->52191 52193 d2e250 2 API calls 52186->52193 52190 d2a56e 52187->52190 52188->52185 52189->52186 52192 d29320 231 API calls 52190->52192 52194 d2b73f 52191->52194 52196 d2e250 2 API calls 52191->52196 52195 d2a58b 52192->52195 52193->52191 52197 d2b75a 52194->52197 52200 d2e250 2 API calls 52194->52200 52199 d29320 231 API calls 52195->52199 52196->52194 52198 d2b76f 52197->52198 52201 d2e250 2 API calls 52197->52201 52202 d2b784 52198->52202 52204 d2e250 2 API calls 52198->52204 52203 d2a5a8 52199->52203 52200->52197 52201->52198 52206 d2b799 52202->52206 52208 d2e250 2 API calls 52202->52208 52205 d29320 231 API calls 52203->52205 52204->52202 52207 d2a5c5 52205->52207 52209 d2b7b4 52206->52209 52212 d2e250 2 API calls 52206->52212 52211 d29320 231 API calls 52207->52211 52208->52206 52210 d2b7cf 52209->52210 52213 d2e250 2 API calls 52209->52213 52214 d2b7ea 52210->52214 52216 d2e250 2 API calls 52210->52216 52215 d2a5e2 52211->52215 52212->52209 52213->52210 52217 d2b805 52214->52217 52219 d2e250 2 API calls 52214->52219 52218 d29320 231 API calls 52215->52218 52216->52214 52220 d2b820 52217->52220 52223 d2e250 2 API calls 52217->52223 52221 d2a5ff 52218->52221 52219->52217 52222 d2b83b 52220->52222 52225 d2e250 2 API calls 52220->52225 52224 d29320 231 API calls 52221->52224 52226 d2b856 52222->52226 52228 d2e250 2 API calls 52222->52228 52223->52220 52227 d2a61c 52224->52227 52225->52222 52229 d2b871 52226->52229 52232 d2e250 2 API calls 52226->52232 52230 d29320 231 API calls 52227->52230 52228->52226 52233 d2b88c 52229->52233 52236 d2e250 2 API calls 52229->52236 52231 d2a639 52230->52231 52235 d29320 231 API calls 52231->52235 52232->52229 52234 d2b8a7 52233->52234 52237 d2e250 2 API calls 52233->52237 52239 d2b8c2 52234->52239 52241 d2e250 2 API calls 52234->52241 52238 d2a653 52235->52238 52236->52233 52237->52234 52240 d29320 231 API calls 52238->52240 52242 d2b8dd 52239->52242 52244 d2e250 2 API calls 52239->52244 52243 d2a66d 52240->52243 52241->52239 52245 d2b8f8 52242->52245 52248 d2e250 2 API calls 52242->52248 52247 d29320 231 API calls 52243->52247 52244->52242 52246 d2b913 52245->52246 52249 d2e250 2 API calls 52245->52249 52250 d2b92e 52246->52250 52252 d2e250 2 API calls 52246->52252 52251 d2a687 52247->52251 52248->52245 52249->52246 52254 d2b949 52250->52254 52256 d2e250 2 API calls 52250->52256 52253 d29320 231 API calls 52251->52253 52252->52250 52255 d2a6a4 52253->52255 52257 d2b964 52254->52257 52260 d2e250 2 API calls 52254->52260 52259 d29320 231 API calls 52255->52259 52256->52254 52258 d2b97f 52257->52258 52261 d2e250 2 API calls 52257->52261 52262 d2b99a 52258->52262 52264 d2e250 2 API calls 52258->52264 52263 d2a6c1 52259->52263 52260->52257 52261->52258 52266 d2e250 2 API calls 52262->52266 52269 d2b9b5 52262->52269 52265 d29320 231 API calls 52263->52265 52264->52262 52267 d2a6de 52265->52267 52266->52269 52270 d29320 231 API calls 52267->52270 52268 d2e250 2 API calls 52271 d2c2cc 52268->52271 52269->52268 52272 d2a6fb 52270->52272 52588 d29710 GetProcessHeap HeapFree 52271->52588 52273 d29320 231 API calls 52272->52273 52274 d2a718 52273->52274 52276 d29320 231 API calls 52274->52276 52278 d2a735 52276->52278 52277 d2c2da 52283 d2c2e0 52277->52283 52589 dd2fc0 180 API calls 52277->52589 52280 d29320 231 API calls 52278->52280 52281 d2a752 52280->52281 52282 d29320 231 API calls 52281->52282 52284 d2a76f 52282->52284 52283->51703 52283->52283 52285 d29320 231 API calls 52284->52285 52286 d2a78c 52285->52286 52287 d29320 231 API calls 52286->52287 52288 d2a7a9 52287->52288 52289 d29320 231 API calls 52288->52289 52290 d2a7c6 52289->52290 52291 d29320 231 API calls 52290->52291 52292 d2a7e3 52291->52292 52293 d29320 231 API calls 52292->52293 52294 d2a800 52293->52294 52295 d29320 231 API calls 52294->52295 52296 d2a81d 52295->52296 52297 d29320 231 API calls 52296->52297 52298 d2a83a 52297->52298 52299 d29320 231 API calls 52298->52299 52300 d2a857 52299->52300 52301 d29320 231 API calls 52300->52301 52302 d2a874 52301->52302 52303 d29320 231 API calls 52302->52303 52304 d2a891 52303->52304 52305 d29320 231 API calls 52304->52305 52306 d2a8ae 52305->52306 52307 d29320 231 API calls 52306->52307 52308 d2a8cb 52307->52308 52309 d29320 231 API calls 52308->52309 52310 d2a8e8 52309->52310 52311 d29320 231 API calls 52310->52311 52312 d2a905 52311->52312 52313 d29320 231 API calls 52312->52313 52314 d2a922 52313->52314 52315 d29320 231 API calls 52314->52315 52316 d2a93f 52315->52316 52317 d29320 231 API calls 52316->52317 52318 d2a95c 52317->52318 52319 d29320 231 API calls 52318->52319 52320 d2a979 52319->52320 52321 d29320 231 API calls 52320->52321 52322 d2a996 52321->52322 52323 d29320 231 API calls 52322->52323 52324 d2a9b3 52323->52324 52325 d29320 231 API calls 52324->52325 52326 d2a9d0 52325->52326 52327 d29320 231 API calls 52326->52327 52328 d2a9ed 52327->52328 52329 d29320 231 API calls 52328->52329 52330 d2aa0a 52329->52330 52331 d29320 231 API calls 52330->52331 52332 d2aa24 52331->52332 52333 d29320 231 API calls 52332->52333 52334 d2aa3b 52333->52334 52335 d29320 231 API calls 52334->52335 52336 d2aa55 52335->52336 52337 d29320 231 API calls 52336->52337 52342 d2aa72 52337->52342 52338 d2b1d7 52584 d27550 GetProcessHeap HeapFree 52338->52584 52339 d29320 231 API calls 52339->52342 52341 dae090 226 API calls 52341->52342 52342->52086 52342->52338 52342->52339 52342->52341 52345 d2b11c GetModuleHandleA 52342->52345 52343 d2e250 2 API calls 52344 d2b1e5 52343->52344 52344->52076 52344->52343 52346 d2b12c GetProcAddress 52345->52346 52348 d2b086 52345->52348 52346->52348 52347 d2b16b 52350 d2b239 GetCurrentProcessId DebugActiveProcess 52347->52350 52354 d2e250 2 API calls 52347->52354 52348->52342 52348->52347 52349 d2e250 GetProcessHeap HeapFree 52348->52349 52351 d2b1d2 52348->52351 52349->52348 52350->52352 52353 d2b24f GetCurrentProcess TerminateProcess 52350->52353 52351->52338 52352->52086 52355 d2b263 52353->52355 52356 d2b26e 52353->52356 52357 d2b236 52354->52357 52358 d2e250 2 API calls 52355->52358 52585 d27550 GetProcessHeap HeapFree 52356->52585 52357->52350 52358->52356 52360->52078 52364 d29339 52361->52364 52366 d295a1 52361->52366 52362 d29352 52367 d2e240 2 API calls 52362->52367 52369 d29364 52362->52369 52363 d29593 52591 dad7a9 224 API calls 52363->52591 52364->52362 52364->52363 52366->51706 52367->52369 52368 d29378 memcpy 52370 d29524 52368->52370 52374 d2939a 52368->52374 52369->52368 52381 d2952f 52369->52381 52372 d2e250 2 API calls 52370->52372 52370->52381 52372->52381 52374->52366 52590 d25680 6 API calls 52374->52590 52378 d29650 52378->52381 52381->52378 52383 d29573 52381->52383 52592 dad7a9 224 API calls 52381->52592 52383->51706 52385 d28790 52384->52385 52387 d287d7 52385->52387 52388 d28837 52385->52388 52402 d2882c 52385->52402 52593 d25310 258 API calls 52385->52593 52594 d28880 258 API calls 52387->52594 52599 d27900 GetProcessHeap HeapFree 52388->52599 52391 d287e8 52595 d28880 258 API calls 52391->52595 52392 d28868 52600 dd2fc0 180 API calls 52392->52600 52395 d287f9 52596 d28880 258 API calls 52395->52596 52396 d28871 52398 d2880a 52597 d28880 258 API calls 52398->52597 52400 d2881b 52598 d28880 258 API calls 52400->52598 52402->51718 52404 db16d0 52403->52404 52405 db1716 52403->52405 52407 d2e240 2 API calls 52404->52407 52412 db16ee memcpy 52404->52412 52601 dad7a9 224 API calls 52405->52601 52410 db16e7 52407->52410 52409 db1724 52602 dad7a9 224 API calls 52409->52602 52410->52409 52410->52412 52412->51734 52418 d27a56 CreateEventW 52417->52418 52419 d22382 52417->52419 52418->52419 52420 d27a6d GetModuleHandleA 52418->52420 52487 d2e240 52419->52487 52420->52419 52421 d27a7c 52420->52421 52421->52419 52603 d36260 52421->52603 52425 d27aa1 52426 d29320 231 API calls 52425->52426 52427 d27abb LoadLibraryA 52426->52427 52428 d29320 231 API calls 52427->52428 52429 d27ae3 GetProcAddress 52428->52429 52430 d27b03 52429->52430 52431 d27afa 52429->52431 52433 d27b18 52430->52433 52434 d2e250 2 API calls 52430->52434 52432 d2e250 2 API calls 52431->52432 52432->52430 52435 d29320 231 API calls 52433->52435 52434->52433 52436 d27b32 GetModuleHandleA 52435->52436 52437 d29320 231 API calls 52436->52437 52438 d27b5a GetProcAddress 52437->52438 52439 d27b71 52438->52439 52440 d27b7a 52438->52440 52441 d2e250 2 API calls 52439->52441 52442 d27b8f 52440->52442 52443 d2e250 2 API calls 52440->52443 52441->52440 52444 d29320 231 API calls 52442->52444 52443->52442 52445 d27ba9 LoadLibraryA 52444->52445 52446 d29320 231 API calls 52445->52446 52447 d27bd1 GetProcAddress 52446->52447 52448 d27bf4 52447->52448 52449 d27be8 52447->52449 52450 d27bf1 52448->52450 52451 d27c06 52448->52451 52452 d2e250 2 API calls 52449->52452 52450->52448 52453 d2e250 2 API calls 52450->52453 52454 d29320 231 API calls 52451->52454 52452->52450 52453->52451 52455 d27c20 LoadLibraryA 52454->52455 52456 d29320 231 API calls 52455->52456 52457 d27c48 GetProcAddress 52456->52457 52458 d27c68 52457->52458 52459 d27c5f 52457->52459 52462 d2e250 2 API calls 52458->52462 52464 d27c7d 52458->52464 52460 d2e250 2 API calls 52459->52460 52460->52458 52461 d29320 231 API calls 52463 d27c97 LoadLibraryA 52461->52463 52462->52464 52465 d29320 231 API calls 52463->52465 52464->52461 52466 d27cbf GetProcAddress 52465->52466 52467 d27cdf 52466->52467 52468 d27cd6 52466->52468 52470 d27cf4 52467->52470 52471 d2e250 2 API calls 52467->52471 52469 d2e250 2 API calls 52468->52469 52469->52467 52472 d29320 231 API calls 52470->52472 52471->52470 52473 d27d0e LoadLibraryA 52472->52473 52474 d29320 231 API calls 52473->52474 52475 d27d36 GetProcAddress 52474->52475 52476 d27d55 52475->52476 52477 d27d4c 52475->52477 52479 d27d6a 52476->52479 52480 d2e250 2 API calls 52476->52480 52478 d2e250 2 API calls 52477->52478 52478->52476 52481 d27dc6 52479->52481 52482 d27da6 CreateEventW 52479->52482 52480->52479 52481->52419 52619 d36090 GetProcessHeap HeapFree 52481->52619 52482->52481 52484 d27db7 WaitForSingleObject 52482->52484 52484->52481 52486 d27de1 SetEvent DeleteTimerQueue 52484->52486 52485 d27dd6 52485->52419 52486->52419 52486->52481 52488 d793f0 52487->52488 52489 d79402 52488->52489 52490 d79419 52488->52490 52680 d8a950 GetProcessHeap 52489->52680 52491 d8a950 2 API calls 52490->52491 52493 d7942c 52491->52493 52493->51730 52494 d79413 52494->51730 52496 d28136 52495->52496 52497 d27f89 52495->52497 52498 d282e4 AddVectoredExceptionHandler NtQueryInformationProcess 52496->52498 52501 d29320 231 API calls 52496->52501 52499 d29320 231 API calls 52497->52499 52500 d2831d 52498->52500 52505 d27fa0 52499->52505 52502 d2e240 2 API calls 52500->52502 52509 d2815a 52501->52509 52503 d28337 52502->52503 52507 d28342 NtQuerySystemInformation 52503->52507 52508 d2865e 52503->52508 52504 d2818b 52513 d281a1 52504->52513 52685 dae2c0 224 API calls 52504->52685 52510 d27fe1 52505->52510 52683 dae2c0 224 API calls 52505->52683 52543 d28364 52507->52543 52545 d285f7 52507->52545 52688 dad7a9 224 API calls 52508->52688 52509->52504 52509->52513 52514 d2802c GetModuleHandleA 52510->52514 52531 d27fe7 52510->52531 52517 d281ec GetModuleHandleA 52513->52517 52513->52531 52519 d2803b LoadLibraryA 52514->52519 52520 d28049 52514->52520 52516 d2e250 2 API calls 52539 d223ed 52516->52539 52522 d29320 231 API calls 52517->52522 52519->52520 52552 d285bb 52519->52552 52521 d29320 231 API calls 52520->52521 52540 d28063 52521->52540 52522->52531 52523 d283c4 52526 d285e2 52523->52526 52527 d2846f 52523->52527 52542 d2e250 2 API calls 52526->52542 52526->52545 52534 d2e250 2 API calls 52527->52534 52528 d28403 NtOpenThread 52528->52543 52547 d2829d GetProcAddress 52531->52547 52686 dae2c0 224 API calls 52531->52686 52556 d28484 52534->52556 52535 d2e250 2 API calls 52535->52539 52536 d2808b 52544 d2809d 52536->52544 52684 dae2c0 224 API calls 52536->52684 52537 d28296 52537->52547 52539->51749 52539->51755 52540->52536 52540->52544 52542->52545 52543->52523 52543->52528 52543->52545 52687 d264f0 224 API calls 52543->52687 52544->52531 52549 d280f0 GetProcAddress 52544->52549 52545->52516 52550 d2857e 52547->52550 52551 d282af 52547->52551 52548 d28490 NtGetContextThread 52548->52552 52548->52556 52553 d28541 52549->52553 52554 d28101 52549->52554 52557 d2e250 2 API calls 52550->52557 52562 d2852d 52550->52562 52555 d282cb 52551->52555 52559 d2e250 2 API calls 52551->52559 52552->52535 52552->52539 52553->52562 52567 d2e250 2 API calls 52553->52567 52558 d2811d 52554->52558 52564 d2e250 2 API calls 52554->52564 52555->52498 52565 d2e250 2 API calls 52555->52565 52556->52548 52560 d28503 NtSetContextThread 52556->52560 52561 d284de 52556->52561 52557->52562 52558->52496 52568 d2e250 2 API calls 52558->52568 52559->52555 52560->52552 52566 d2851a NtClose 52560->52566 52561->52560 52562->52539 52562->52552 52563 d28579 52562->52563 52563->52539 52564->52558 52569 d282e1 52565->52569 52566->52548 52566->52562 52567->52562 52570 d28133 52568->52570 52569->52498 52570->52496 52571->51707 52573->51726 52574->51764 52576->51796 52577->51815 52578->51810 52579->51844 52580->51849 52581->51859 52582->52090 52583->52090 52584->52344 52585->52360 52587->52086 52588->52277 52589->52283 52590->52370 52594->52391 52595->52395 52596->52398 52597->52400 52598->52402 52599->52392 52600->52396 52620 d36520 52603->52620 52605 d36269 52606 d27a91 52605->52606 52623 d3a7b0 228 API calls 52605->52623 52608 d26360 52606->52608 52678 d36390 228 API calls 52608->52678 52610 d2637a 52610->52425 52611 d26373 52611->52610 52612 d263b8 52611->52612 52613 d263a4 52611->52613 52679 dd2fc0 180 API calls 52612->52679 52613->52611 52614 d2e250 2 API calls 52613->52614 52614->52612 52616 d263c1 52617 d2e250 2 API calls 52616->52617 52618 d263d2 52616->52618 52617->52618 52618->52425 52619->52485 52624 d341e0 52620->52624 52622 d3652f 52622->52605 52623->52605 52625 d34392 52624->52625 52626 d341f9 TlsGetValue 52624->52626 52671 d8d7d0 7 API calls 52625->52671 52628 d3437f 52626->52628 52629 d34209 52626->52629 52628->52622 52629->52628 52631 d34328 52629->52631 52661 d3a990 52629->52661 52630 d34398 TlsGetValue 52630->52628 52630->52629 52633 d2e240 2 API calls 52631->52633 52634 d34341 52633->52634 52635 d34348 TlsGetValue TlsSetValue 52634->52635 52636 d343ae 52634->52636 52635->52628 52637 d34366 52635->52637 52672 dad7c4 224 API calls 52636->52672 52641 d34372 52637->52641 52670 d36090 GetProcessHeap HeapFree 52637->52670 52638 d34244 52640 d343b7 52638->52640 52645 d2e240 2 API calls 52638->52645 52673 dad7c4 224 API calls 52640->52673 52643 d2e250 2 API calls 52641->52643 52643->52628 52647 d3429d 52645->52647 52646 d34414 52649 d2e250 2 API calls 52646->52649 52647->52640 52648 d342a8 memset 52647->52648 52648->52631 52650 d34443 52649->52650 52674 dd2fc0 180 API calls 52650->52674 52652 d3444c 52653 d2e250 2 API calls 52652->52653 52654 d3445d 52652->52654 52653->52654 52655 d34475 52654->52655 52675 d36090 GetProcessHeap HeapFree 52654->52675 52676 dd2fc0 180 API calls 52655->52676 52658 d3447e 52677 d34710 GetProcessHeap HeapFree 52658->52677 52660 d34546 52660->52622 52662 d3a99e 52661->52662 52663 d3a9c8 52661->52663 52664 d3ae60 BCryptGenRandom SystemFunction036 52662->52664 52663->52638 52665 d3a9a7 52664->52665 52665->52663 52666 d2e240 GetProcessHeap HeapAlloc 52665->52666 52667 d3a9c1 52666->52667 52667->52663 52668 dad7c4 224 API calls 52667->52668 52669 d3a9e0 52668->52669 52669->52638 52670->52641 52671->52630 52672->52640 52673->52646 52674->52652 52675->52655 52676->52658 52677->52660 52678->52611 52679->52616 52681 d8a96a 52680->52681 52682 d8a95c HeapAlloc 52680->52682 52681->52494 52682->52494 52683->52510 52684->52544 52685->52513 52686->52537 52687->52543 52689 dd5b20 52704 dd5700 19 API calls 52689->52704 52691 dd5b36 GetCurrentThreadId CreateEventA 52703 dd5b2c 52691->52703 52692 dd5c33 52693 dd5b8c GetCurrentProcess GetCurrentThread GetCurrentProcess DuplicateHandle 52694 ddba9e abort 52693->52694 52695 dd5bf0 GetThreadPriority TlsSetValue 52693->52695 52697 ddbab1 GetModuleHandleA 52694->52697 52695->52692 52695->52694 52699 ddbb19 52697->52699 52700 ddbae9 GetProcAddress GetProcAddress 52697->52700 52700->52699 52701 dd5c58 TlsGetValue 52702 dd5c6d 52701->52702 52701->52703 52703->52689 52703->52691 52703->52692 52703->52693 52703->52694 52703->52701 52705 dd57f0 23 API calls 52703->52705 52704->52703 52705->52703

                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                    Function 00D29790 Relevance: 40.7, APIs: 19, Strings: 3, Instructions: 2160processCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00D29320: memcpy.MSVCRT(00000001,!Z,00E45AC0), ref: 00D2937D
                                                                                                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00D29FDD
                                                                                                                                                                                                    • memset.MSVCRT ref: 00D29FFB
                                                                                                                                                                                                    • Process32FirstW.KERNEL32(00000000,?), ref: 00D2A033
                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,00000000), ref: 00D2A128
                                                                                                                                                                                                    • memcpy.MSVCRT(00000001,?,00000000,?,?,?,00000002,00000000), ref: 00D2A245
                                                                                                                                                                                                    • Process32NextW.KERNEL32(?,0000022C), ref: 00D2A304
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000002,00000000), ref: 00D2A37A
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00D2A3D1
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • called `Result::unwrap()` on an `Err` value/rustc/243d2ca4db6f96d2d18aaf3a2381251d38eb6b0b\library\alloc\src\slice.rs, xrefs: 00D2B355, 00D2B397
                                                                                                                                                                                                    • ;Z, xrefs: 00D2B2C3
                                                                                                                                                                                                    • :, xrefs: 00D2B03E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memcpy$CloseHandleProcess32$CreateFirstNextSnapshotToolhelp32memset
                                                                                                                                                                                                    • String ID: :$;Z$called `Result::unwrap()` on an `Err` value/rustc/243d2ca4db6f96d2d18aaf3a2381251d38eb6b0b\library\alloc\src\slice.rs
                                                                                                                                                                                                    • API String ID: 3108730875-3034944078
                                                                                                                                                                                                    • Opcode ID: a025377b3ffe629b0d548b0be3e6d7c2a0ec7ca1d6f09988b390ae403275531f
                                                                                                                                                                                                    • Instruction ID: b366f3384c7f1724e8fce06e4361977fe87047aa65784e30353b64ab09180952
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a025377b3ffe629b0d548b0be3e6d7c2a0ec7ca1d6f09988b390ae403275531f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5613A771E40728ABDB20DF24EC46FDAB379EF59708F0441E5F5087A182E7B19A858F61
                                                                                                                                                                                                    Function 00D27A40 Relevance: 35.3, APIs: 19, Strings: 1, Instructions: 335libraryloadertimeCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 582 d27a40-d27a50 CreateTimerQueue 583 d27a56-d27a67 CreateEventW 582->583 584 d27dd9-d27de0 582->584 583->584 585 d27a6d-d27a76 GetModuleHandleA 583->585 585->584 586 d27a7c-d27a7f 585->586 586->584 587 d27a85-d27af8 call d36260 call d26360 call d29320 LoadLibraryA call d29320 GetProcAddress 586->587 596 d27b06-d27b0b 587->596 597 d27afa-d27b03 call d2e250 587->597 599 d27b1b-d27b6f call d29320 GetModuleHandleA call d29320 GetProcAddress 596->599 600 d27b0d-d27b18 call d2e250 596->600 597->596 608 d27b71-d27b7a call d2e250 599->608 609 d27b7d-d27b82 599->609 600->599 608->609 611 d27b92-d27be6 call d29320 LoadLibraryA call d29320 GetProcAddress 609->611 612 d27b84-d27b8f call d2e250 609->612 620 d27bf4-d27bf9 611->620 621 d27be8-d27beb 611->621 612->611 622 d27bfb-d27c06 call d2e250 620->622 623 d27c09-d27c5d call d29320 LoadLibraryA call d29320 GetProcAddress 620->623 624 d27bec-d27bf1 call d2e250 621->624 622->623 632 d27c6b-d27c70 623->632 633 d27c5f-d27c68 call d2e250 623->633 624->620 635 d27c72-d27c7d call d2e250 632->635 636 d27c80-d27cd4 call d29320 LoadLibraryA call d29320 GetProcAddress 632->636 633->632 635->636 644 d27ce2-d27ce7 636->644 645 d27cd6-d27cdf call d2e250 636->645 647 d27cf7-d27d4a call d29320 LoadLibraryA call d29320 GetProcAddress 644->647 648 d27ce9-d27cf4 call d2e250 644->648 645->644 656 d27d58-d27d5d 647->656 657 d27d4c-d27d55 call d2e250 647->657 648->647 659 d27d5f-d27d6a call d2e250 656->659 660 d27d6d-d27d9a 656->660 657->656 659->660 663 d27dc6-d27dcb 660->663 664 d27d9c-d27da0 660->664 663->584 667 d27dcd-d27dd6 call d36090 663->667 664->663 666 d27da2-d27da4 664->666 666->663 668 d27da6-d27db5 CreateEventW 666->668 667->584 668->663 670 d27db7-d27dc4 WaitForSingleObject 668->670 670->663 672 d27de1-d27df2 SetEvent DeleteTimerQueue 670->672 672->584 673 d27df4 672->673 673->667
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateTimerQueue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,00D22382), ref: 00D27A49
                                                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D27A60
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00D27A6F
                                                                                                                                                                                                      • Part of subcall function 00D29320: memcpy.MSVCRT(00000001,!Z,00E45AC0), ref: 00D2937D
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,?,?,?,?,?,00000000,00000000), ref: 00D27AC5
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00D27AEB
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,?,00000000), ref: 00D27B3C
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00D27B62
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,?,00000000,?,?,?,00000000,?), ref: 00D27BB3
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,?,00000000,?,?,?,00000000,?), ref: 00D27C2A
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00D27C50
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,?,00000000,?,?,?,00000000,?), ref: 00D27CA1
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00D27CC7
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,?,00000000,?,?,?,00000000,?), ref: 00D27D18
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00D27D3E
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00D27BD9
                                                                                                                                                                                                      • Part of subcall function 00D2E250: GetProcessHeap.KERNEL32(?), ref: 00D79460
                                                                                                                                                                                                      • Part of subcall function 00D2E250: HeapFree.KERNEL32(00000000,00000000,00000000,?), ref: 00D79469
                                                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,00000000,?,?,?,?,?,00000000,?,?,?,00000000,?), ref: 00D27DAE
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,00D22382,00000000,00000001,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 00D27DBD
                                                                                                                                                                                                    • SetEvent.KERNEL32(00000000,00000000,00D22382,00000000,00000001,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 00D27DE2
                                                                                                                                                                                                    • DeleteTimerQueue.KERNEL32(00000000), ref: 00D27DE8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc$LibraryLoad$CreateEvent$HandleHeapModuleQueueTimer$DeleteFreeObjectProcessSingleWaitmemcpy
                                                                                                                                                                                                    • String ID: {~U
                                                                                                                                                                                                    • API String ID: 93789523-940978701
                                                                                                                                                                                                    • Opcode ID: 75712b865dc9a893409cf3d74282237afd20b0d92015c048cb283c9654fa52a8
                                                                                                                                                                                                    • Instruction ID: d964d6111702ed7ffc6d9ad951d974e08efba739078ede5e4df5a3bc33398d0c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 75712b865dc9a893409cf3d74282237afd20b0d92015c048cb283c9654fa52a8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 11B131B6E40319BBEF10EAB5AC43FAE776CEF64748F044125F901B6283E6B5D9048670
                                                                                                                                                                                                    Function 00D221E0 Relevance: 33.3, APIs: 13, Strings: 5, Instructions: 1764memorysynchronizationCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00D29320: memcpy.MSVCRT(00000001,!Z,00E45AC0), ref: 00D2937D
                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 00D22290
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000), ref: 00D22295
                                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000007,?,?,?,?,?,?,00000000), ref: 00D22349
                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,00DE12C4,000632FF,?,?,?,00000000), ref: 00D223B1
                                                                                                                                                                                                    • HeapCreate.KERNEL32(00040000,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00D22412
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,00000008,000632FF,00040000,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00D22423
                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,00000000,000632FF,00000000,00000008,000632FF,00040000,00000000,00000000), ref: 00D22435
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memcpy$CreateHeap$AllocAttributesErrorFileLastMutex
                                                                                                                                                                                                    • String ID: $ J$/i:S$SYNC$a Display implementation returned an error unexpectedly/rustc/243d2ca4db6f96d2d18aaf3a2381251d38eb6b0b\library\alloc\src\string.rs
                                                                                                                                                                                                    • API String ID: 394507146-4107024699
                                                                                                                                                                                                    • Opcode ID: dfbce9807defea3d1d7040cf9740ab5874ea0f4eaaab4395db4a798dac71341c
                                                                                                                                                                                                    • Instruction ID: 4c8666ea759a322dcc09f15c4b8e2d716ff9b21af54f0503e22ec373781d2040
                                                                                                                                                                                                    • Opcode Fuzzy Hash: dfbce9807defea3d1d7040cf9740ab5874ea0f4eaaab4395db4a798dac71341c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56E220B5E00228ABEF20DB54ED42FEEB7B9AF64708F044195F509B7281D7719E448B71
                                                                                                                                                                                                    Function 00D27F50 Relevance: 26.8, APIs: 13, Strings: 2, Instructions: 587librarynativeloaderCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1298 d27f50-d27f83 memset 1299 d28136-d2813d 1298->1299 1300 d27f89-d27faf call d29320 1298->1300 1301 d28143-d28169 call d29320 1299->1301 1302 d282e4-d2831b AddVectoredExceptionHandler NtQueryInformationProcess 1299->1302 1310 d27fb1-d27fb3 1300->1310 1311 d27fcd-d27fdf call dbfc80 1300->1311 1316 d2816b-d2816d 1301->1316 1317 d2818d-d28191 1301->1317 1304 d28323-d2833c call d2e240 1302->1304 1305 d2831d-d28320 1302->1305 1324 d28342-d2835e NtQuerySystemInformation 1304->1324 1325 d2865e-d28677 call dad7a9 1304->1325 1305->1304 1312 d28015-d2802a call dae2c0 1310->1312 1313 d27fb5-d27fb7 1310->1313 1311->1312 1329 d27fe1-d27fe5 1311->1329 1340 d2802c-d28039 GetModuleHandleA 1312->1340 1320 d27fc0-d27fc4 1313->1320 1318 d281d5-d281ea call dae2c0 1316->1318 1319 d2816f-d2817b 1316->1319 1321 d28193-d2819f call dbfc80 1317->1321 1348 d281ec-d28221 GetModuleHandleA call d29320 1318->1348 1328 d28180-d28184 1319->1328 1320->1329 1330 d27fc6-d27fc9 1320->1330 1321->1318 1336 d281a1-d281a5 1321->1336 1326 d28364-d28381 1324->1326 1327 d285fa-d28602 call d2e250 1324->1327 1350 d28708-d28710 1325->1350 1351 d2867d-d286a4 1325->1351 1326->1327 1335 d28387-d28399 1326->1335 1344 d28607-d28621 1327->1344 1328->1336 1337 d28186-d28189 1328->1337 1339 d27fe7-d28010 call dba430 1329->1339 1329->1340 1330->1320 1338 d27fcb 1330->1338 1345 d283a0-d283aa 1335->1345 1347 d281a7-d281d0 call dba430 1336->1347 1336->1348 1337->1328 1346 d2818b 1337->1346 1338->1312 1372 d2827f 1339->1372 1352 d2803b-d28043 LoadLibraryA 1340->1352 1353 d28049-d28075 call d29320 1340->1353 1355 d28650-d2865d 1344->1355 1357 d283d0-d283dc 1345->1357 1358 d283ac-d283b7 1345->1358 1346->1318 1347->1372 1379 d28223-d28225 1348->1379 1380 d2823d-d2824b call dbfc80 1348->1380 1362 d28712-d28753 call d2e250 1350->1362 1363 d28756-d2875e call dd2fc0 1350->1363 1373 d286a4-d286ac call d2e250 1351->1373 1352->1353 1354 d28623-d28642 1352->1354 1382 d28077-d28079 1353->1382 1383 d2808d-d2808f 1353->1383 1354->1355 1366 d28644-d28647 1354->1366 1357->1358 1370 d283de-d283e7 1357->1370 1368 d28461-d28469 1358->1368 1369 d283bd-d283c2 1358->1369 1362->1363 1381 d28648-d2864d call d2e250 1366->1381 1376 d285e2-d285e7 1368->1376 1377 d2846f-d2848c call d2e250 1368->1377 1369->1345 1384 d283c4 1369->1384 1385 d28403-d2843e NtOpenThread 1370->1385 1388 d28281-d2829b call dae2c0 1372->1388 1373->1350 1376->1327 1392 d285e9-d285f7 call d2e250 1376->1392 1419 d28490-d284a1 NtGetContextThread 1377->1419 1379->1388 1389 d28227-d28229 1379->1389 1380->1388 1415 d2824d-d28254 1380->1415 1381->1355 1398 d280d4-d280ee call dae2c0 1382->1398 1399 d2807b-d2807d 1382->1399 1400 d28091-d2809b call dbfc80 1383->1400 1384->1368 1393 d28440-d2844c 1385->1393 1394 d283fd-d28401 1385->1394 1418 d2829d-d282a9 GetProcAddress 1388->1418 1404 d28230-d28234 1389->1404 1392->1327 1411 d283f0-d283fa 1393->1411 1412 d2844e-d2845f call d264f0 1393->1412 1394->1358 1394->1385 1422 d280f0-d280fb GetProcAddress 1398->1422 1406 d28080-d28084 1399->1406 1400->1398 1421 d2809d-d280a4 1400->1421 1414 d28236-d28239 1404->1414 1404->1415 1420 d28086-d28089 1406->1420 1406->1421 1411->1394 1412->1411 1414->1404 1427 d2823b 1414->1427 1415->1418 1429 d28256-d2827c call dba430 1415->1429 1423 d2857e-d2859a 1418->1423 1424 d282af-d282c0 1418->1424 1425 d284a7-d284ae 1419->1425 1426 d285bb-d285cb 1419->1426 1420->1406 1428 d2808b 1420->1428 1421->1422 1430 d280a6-d280cf call dba430 1421->1430 1434 d28541-d2855d 1422->1434 1435 d28101-d28112 1422->1435 1432 d285a8-d285b0 1423->1432 1433 d2859c-d285a5 call d2e250 1423->1433 1438 d282c2-d282cb call d2e250 1424->1438 1439 d282ce-d282d6 1424->1439 1440 d284b0-d284cb 1425->1440 1441 d284d5-d284dc 1425->1441 1436 d285d2-d285d7 1426->1436 1427->1388 1428->1398 1429->1372 1430->1372 1432->1355 1447 d285b6 1432->1447 1433->1432 1452 d2856b-d28573 1434->1452 1453 d2855f-d28568 call d2e250 1434->1453 1444 d28120-d28128 1435->1444 1445 d28114-d2811d call d2e250 1435->1445 1436->1355 1451 d285d9-d285e0 1436->1451 1438->1439 1439->1302 1448 d282d8-d282e1 call d2e250 1439->1448 1440->1441 1449 d28503-d28514 NtSetContextThread 1441->1449 1450 d284de-d284f9 1441->1450 1444->1299 1459 d2812a-d28133 call d2e250 1444->1459 1445->1444 1447->1366 1448->1302 1449->1426 1462 d2851a-d28527 NtClose 1449->1462 1450->1449 1451->1381 1452->1366 1456 d28579 1452->1456 1453->1452 1456->1355 1459->1299 1462->1419 1467 d2852d-d2853c 1462->1467 1467->1436
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCRT ref: 00D27F6A
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000), ref: 00D2802F
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(00000000,00000000), ref: 00D2803C
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00000000), ref: 00D280F4
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000), ref: 00D281F0
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,00000000), ref: 00D282A2
                                                                                                                                                                                                    • AddVectoredExceptionHandler.KERNEL32(00000001,00D27E80), ref: 00D282EB
                                                                                                                                                                                                      • Part of subcall function 00D29320: memcpy.MSVCRT(00000001,!Z,00E45AC0), ref: 00D2937D
                                                                                                                                                                                                    • NtQueryInformationProcess.NTDLL(000000FF,00000000,?,00000018,00000000), ref: 00D2830D
                                                                                                                                                                                                    • NtQuerySystemInformation.NTDLL(00000005,00000000,00100000,00000000), ref: 00D28357
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressHandleInformationModuleProcQuery$ExceptionHandlerLibraryLoadProcessSystemVectoredmemcpymemset
                                                                                                                                                                                                    • String ID: ?$called `Result::unwrap()` on an `Err` value
                                                                                                                                                                                                    • API String ID: 4247985971-3528718506
                                                                                                                                                                                                    • Opcode ID: d7c168c9f9e40d143b62bb1379754c6a5024adf0827b5e7a010dae57e7035975
                                                                                                                                                                                                    • Instruction ID: b9498f06b07a0c792836b6860666df6bbde1b7d1175ba1754fe8c28ae87bb5a7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7c168c9f9e40d143b62bb1379754c6a5024adf0827b5e7a010dae57e7035975
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 94226171E01328AFDB11DF94EC41BAEBBB8AF64708F184065F805B7292DBB19944DB71
                                                                                                                                                                                                    Function 00D2116A Relevance: 15.2, APIs: 10, Instructions: 150sleepstringCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1470 d2116a-d21185 1471 d211a4-d211b0 1470->1471 1472 d211b2-d211bc 1471->1472 1473 d21190-d21192 1471->1473 1476 d211c2-d211c9 1472->1476 1477 d21333-d21347 _amsg_exit 1472->1477 1474 d21320-d2132d 1473->1474 1475 d21198-d211a1 Sleep 1473->1475 1474->1476 1474->1477 1475->1471 1478 d213a0-d213be _initterm 1476->1478 1479 d211cf-d211e1 1476->1479 1480 d211e7-d211e9 1477->1480 1481 d2134d-d2136d _initterm 1477->1481 1479->1480 1479->1481 1482 d21373-d21379 1480->1482 1483 d211ef-d211f6 1480->1483 1481->1482 1481->1483 1482->1483 1484 d21214-d2125e call ddac60 SetUnhandledExceptionFilter call dda6f0 call ddaa90 malloc 1483->1484 1485 d211f8-d21211 1483->1485 1493 d21264-d21275 1484->1493 1494 d213c8-d213ca 1484->1494 1485->1484 1495 d21278-d212ae strlen malloc memcpy 1493->1495 1495->1495 1496 d212b0-d212fd call dda8e0 call d23f20 1495->1496 1501 d21303-d2130b 1496->1501 1502 d213cf-d213de call ddb3e0 1496->1502 1503 d21380-d21395 _cexit 1501->1503 1504 d2130d-d21318 1501->1504
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: malloc$ExceptionFilterSleepUnhandledmemcpystrlen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3806033187-0
                                                                                                                                                                                                    • Opcode ID: f07c803e8dc6e9dc825c56366bd4ec149ec29216d9079e0ae7de49b6b07689d9
                                                                                                                                                                                                    • Instruction ID: 6097b2658ce2a80afe2f1c2c3e99bc68bdb83a96b099dadabd79169427d49f8b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f07c803e8dc6e9dc825c56366bd4ec149ec29216d9079e0ae7de49b6b07689d9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29517AB4904315CFCB50EF69E88465DBBF1FF54304F14892AD988AB321D770A948DBB2
                                                                                                                                                                                                    Function 00D21319 Relevance: 10.6, APIs: 7, Instructions: 96stringCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1567 d21319-d2132d 1569 d211c2-d211c9 1567->1569 1570 d21333-d21347 _amsg_exit 1567->1570 1571 d213a0-d213be _initterm 1569->1571 1572 d211cf-d211e1 1569->1572 1573 d211e7-d211e9 1570->1573 1574 d2134d-d2136d _initterm 1570->1574 1572->1573 1572->1574 1575 d21373-d21379 1573->1575 1576 d211ef-d211f6 1573->1576 1574->1575 1574->1576 1575->1576 1577 d21214-d2125e call ddac60 SetUnhandledExceptionFilter call dda6f0 call ddaa90 malloc 1576->1577 1578 d211f8-d21211 1576->1578 1586 d21264-d21275 1577->1586 1587 d213c8-d213ca 1577->1587 1578->1577 1588 d21278-d212ae strlen malloc memcpy 1586->1588 1588->1588 1589 d212b0-d212eb call dda8e0 call d23f20 1588->1589 1593 d212f0-d212fd 1589->1593 1594 d21303-d2130b 1593->1594 1595 d213cf-d213de call ddb3e0 1593->1595 1596 d21380-d21395 _cexit 1594->1596 1597 d2130d-d21318 1594->1597
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: malloc$ExceptionFilterUnhandled_amsg_exit_inittermmemcpystrlen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1364285269-0
                                                                                                                                                                                                    • Opcode ID: f39fdc743dc5d96743c3098c27a84bc21f2999d65105170a0c539a611db6c620
                                                                                                                                                                                                    • Instruction ID: a784bca6ad367912b1ae593a06190ce6b4cb039f43fb5bec9f99eb6ec4184360
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f39fdc743dc5d96743c3098c27a84bc21f2999d65105170a0c539a611db6c620
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 954145B8904315CFCB50EF69E88425DBBF1FF54304F05882ED888A7321D774A949DBA2
                                                                                                                                                                                                    Function 00D21187 Relevance: 9.1, APIs: 6, Instructions: 102sleepstringCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1600 d21187-d2118e 1601 d21190-d21192 1600->1601 1602 d21320-d2132d 1601->1602 1603 d21198-d211b0 Sleep 1601->1603 1604 d211c2-d211c9 1602->1604 1605 d21333-d21347 _amsg_exit 1602->1605 1603->1601 1611 d211b2-d211bc 1603->1611 1607 d213a0-d213be _initterm 1604->1607 1608 d211cf-d211e1 1604->1608 1609 d211e7-d211e9 1605->1609 1610 d2134d-d2136d _initterm 1605->1610 1608->1609 1608->1610 1612 d21373-d21379 1609->1612 1613 d211ef-d211f6 1609->1613 1610->1612 1610->1613 1611->1604 1611->1605 1612->1613 1614 d21214-d2125e call ddac60 SetUnhandledExceptionFilter call dda6f0 call ddaa90 malloc 1613->1614 1615 d211f8-d21211 1613->1615 1623 d21264-d21275 1614->1623 1624 d213c8-d213ca 1614->1624 1615->1614 1625 d21278-d212ae strlen malloc memcpy 1623->1625 1625->1625 1626 d212b0-d212fd call dda8e0 call d23f20 1625->1626 1631 d21303-d2130b 1626->1631 1632 d213cf-d213de call ddb3e0 1626->1632 1633 d21380-d21395 _cexit 1631->1633 1634 d2130d-d21318 1631->1634
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: malloc$ExceptionFilterSleepUnhandled_amsg_exit_inittermmemcpystrlen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2601417275-0
                                                                                                                                                                                                    • Opcode ID: 25cc1f25ed5119d1517eb47e6a9bc15ab6afd262fc20b72a514586d572fc063f
                                                                                                                                                                                                    • Instruction ID: 2d21b81e9604b33a58b70175d5595c614864d7146ace01fb4ab1f461e02771bd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25cc1f25ed5119d1517eb47e6a9bc15ab6afd262fc20b72a514586d572fc063f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CC4148B5A04215CFCB50EF69E88475EB7F1FF54344F048929D888AB320D770A949CBA2
                                                                                                                                                                                                    Function 00D5FE60 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129threadCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • AddVectoredExceptionHandler.KERNEL32(00000000,00D8A790,?,?,?,?,?,?,?,?,?,?,00000001,?,?,00D23F4A), ref: 00D5FE70
                                                                                                                                                                                                    • SetThreadStackGuarantee.KERNEL32(00005000,00000000,00D8A790,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00D5FE80
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 00D5FE85
                                                                                                                                                                                                    • SetThreadDescription.KERNELBASE(00000000,main,00005000,00000000,00D8A790,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00D5FE96
                                                                                                                                                                                                      • Part of subcall function 00D60440: TlsGetValue.KERNEL32(?,?,?,00D5FE9D,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00D6044F
                                                                                                                                                                                                      • Part of subcall function 00D602D0: TlsGetValue.KERNEL32(00000000,?,00000000,00E80058,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00D602F4
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Thread$Value$CurrentDescriptionExceptionGuaranteeHandlerStackVectored
                                                                                                                                                                                                    • String ID: main
                                                                                                                                                                                                    • API String ID: 1241031705-3207122276
                                                                                                                                                                                                    • Opcode ID: e19aca8f1df4d25d76defd4f4940b280942e92920078b598695a8b520764a411
                                                                                                                                                                                                    • Instruction ID: 098bdc30b21ec8ea45d3636f91b652292ab391313da39d6f3d5eabe9af2a675a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e19aca8f1df4d25d76defd4f4940b280942e92920078b598695a8b520764a411
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 604145B1D00209ABDB00EBA5EC45BDEBBB8EF44304F144025F919BB281E779994DCBB5
                                                                                                                                                                                                    Function 00D21160 Relevance: 7.6, APIs: 5, Instructions: 110sleepstringCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1673 d21160-d21185 1675 d211a4-d211b0 1673->1675 1676 d211b2-d211bc 1675->1676 1677 d21190-d21192 1675->1677 1680 d211c2-d211c9 1676->1680 1681 d21333-d21347 _amsg_exit 1676->1681 1678 d21320-d2132d 1677->1678 1679 d21198-d211a1 Sleep 1677->1679 1678->1680 1678->1681 1679->1675 1682 d213a0-d213be _initterm 1680->1682 1683 d211cf-d211e1 1680->1683 1684 d211e7-d211e9 1681->1684 1685 d2134d-d2136d _initterm 1681->1685 1683->1684 1683->1685 1686 d21373-d21379 1684->1686 1687 d211ef-d211f6 1684->1687 1685->1686 1685->1687 1686->1687 1688 d21214-d2125e call ddac60 SetUnhandledExceptionFilter call dda6f0 call ddaa90 malloc 1687->1688 1689 d211f8-d21211 1687->1689 1697 d21264-d21275 1688->1697 1698 d213c8-d213ca 1688->1698 1689->1688 1699 d21278-d212ae strlen malloc memcpy 1697->1699 1699->1699 1700 d212b0-d212fd call dda8e0 call d23f20 1699->1700 1705 d21303-d2130b 1700->1705 1706 d213cf-d213de call ddb3e0 1700->1706 1707 d21380-d21395 _cexit 1705->1707 1708 d2130d-d21318 1705->1708
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: malloc$ExceptionFilterSleepUnhandledmemcpystrlen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3806033187-0
                                                                                                                                                                                                    • Opcode ID: bb44c0f3a2432a6d32bdb5b862f9d149e8d4ecfca571d64a4a24220becd65af4
                                                                                                                                                                                                    • Instruction ID: 67e0c7f3e4d0e7d9700c2d791949aeec6ce0815ebb6daf5fb2624c073e5c0992
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb44c0f3a2432a6d32bdb5b862f9d149e8d4ecfca571d64a4a24220becd65af4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0A417AB5904315CFCB50EF69E98465EBBF1FF54304F04892DE848AB320E770A949DBA2
                                                                                                                                                                                                    Function 00D3AE60 Relevance: 3.0, APIs: 2, Instructions: 30COMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1783 d3ae60-d3ae6d 1784 d3ae9b-d3aea1 1783->1784 1785 d3ae6f-d3ae81 BCryptGenRandom 1783->1785 1785->1784 1786 d3ae83-d3ae98 SystemFunction036 1785->1786 1786->1784
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • BCryptGenRandom.BCRYPT(00000000,?,?,00000002,00000000,00000000,?,?,00D3A9A7,?,00D35C59,?,00000000,?,00D35C59,?), ref: 00D3AE77
                                                                                                                                                                                                    • SystemFunction036.ADVAPI32(?,?,00000000,?,?,00000002,00000000,00000000,?,?,00D3A9A7,?,00D35C59,?,00000000), ref: 00D3AE89
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CryptFunction036RandomSystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1232939966-0
                                                                                                                                                                                                    • Opcode ID: 64ff9b39271a35cde2008302aba175f506d380be61680f8c4f234fde65af9d4d
                                                                                                                                                                                                    • Instruction ID: b0314b4fdc804b344064ccfa6eb2921ae16a499189f0eea4148c0c111b003f0f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64ff9b39271a35cde2008302aba175f506d380be61680f8c4f234fde65af9d4d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 73E04F733013297AEE2019999C85FA6AB9DCBC5BE4F164222FF18A7191C9618C4102F5
                                                                                                                                                                                                    Function 00D2E250 Relevance: 2.5, APIs: 2, Instructions: 19memoryCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1787 d2e250-d7945b 1789 d79460-d79470 GetProcessHeap HeapFree 1787->1789 1790 d7945d 1787->1790 1790->1789
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?), ref: 00D79460
                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000,?), ref: 00D79469
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3859560861-0
                                                                                                                                                                                                    • Opcode ID: 16e183b6eb68152252668b6be5a544e1ffa688d1baf64f404ecaa14cce942121
                                                                                                                                                                                                    • Instruction ID: 396bca75dd2a8f2cfe261ef202767c06b34a8f72160b39385471810cc6cbf858
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 16e183b6eb68152252668b6be5a544e1ffa688d1baf64f404ecaa14cce942121
                                                                                                                                                                                                    • Instruction Fuzzy Hash: ABE0EC31105215BBCA00AA59C809A4BFBE8EB85768F108415F94C67211D370FD40C6E9
                                                                                                                                                                                                    Function 00DD5B20 Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 126threadlibraryloaderCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00DD5B3D
                                                                                                                                                                                                    • CreateEventA.KERNEL32 ref: 00DD5B65
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000004,74DEDF20), ref: 00DD5BA7
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 00DD5BAB
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000004,74DEDF20), ref: 00DD5BB3
                                                                                                                                                                                                    • DuplicateHandle.KERNELBASE ref: 00DD5BDF
                                                                                                                                                                                                    • GetThreadPriority.KERNEL32 ref: 00DD5BF6
                                                                                                                                                                                                    • TlsSetValue.KERNEL32 ref: 00DD5C22
                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 00DD5C60
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA9E
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00DD3854), ref: 00DDBADC
                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00DDBAFC
                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00DDBB10
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • kernel32.dll, xrefs: 00DDBAD5
                                                                                                                                                                                                    • RemoveVectoredExceptionHandler, xrefs: 00DDBB05
                                                                                                                                                                                                    • AddVectoredExceptionHandler, xrefs: 00DDBAF1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Current$Thread$AddressHandleProcProcessValue$CreateDuplicateEventModulePriorityabort
                                                                                                                                                                                                    • String ID: AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$kernel32.dll
                                                                                                                                                                                                    • API String ID: 1214264455-3889795909
                                                                                                                                                                                                    • Opcode ID: 8855ab8746b432c8ba0cdbc9119656b75b997cadff38a6497752bdfd790bbe9a
                                                                                                                                                                                                    • Instruction ID: 878690964f0e1c6cf66c3b56fced43dd6b05d7aa28dd56b69192c66c429be77b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8855ab8746b432c8ba0cdbc9119656b75b997cadff38a6497752bdfd790bbe9a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 42414CB18047008FDB00AF79E98931ABFF8FB44354F444A6EE89987356E774D449CBA2
                                                                                                                                                                                                    Function 00D29320 Relevance: 13.7, APIs: 1, Strings: 8, Instructions: 225COMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1507 d29320-d29333 1508 d295a1-d295c4 call dba2c2 1507->1508 1509 d29339-d29344 1507->1509 1514 d295c9-d295ce call d2e440 1508->1514 1511 d29586-d2958d call d291b0 1509->1511 1512 d2934a-d2934c 1509->1512 1515 d29352 1511->1515 1516 d29593-d2959c call dad7a9 1511->1516 1512->1515 1512->1516 1517 d29373 1515->1517 1518 d29354-d2935f call d2e240 1515->1518 1516->1508 1523 d29378-d29394 memcpy 1517->1523 1525 d29364-d29369 1518->1525 1526 d295d3-d295d5 1523->1526 1527 d2939a-d29428 1523->1527 1528 d29655-d29671 call dad7a9 1525->1528 1529 d2936f-d29371 1525->1529 1531 d295e3-d295fc call dba430 1526->1531 1532 d295d7-d295e0 call d2e250 1526->1532 1527->1514 1530 d2942e-d29529 call d25da0 call d25680 1527->1530 1542 d29673-d296a1 call d2e250 1528->1542 1543 d296a4-d296bc call dd2fc0 1528->1543 1529->1523 1530->1526 1550 d2952f-d29545 call d33e80 1530->1550 1538 d29601-d2964b call dba430 1531->1538 1532->1531 1545 d29650-d29653 1538->1545 1542->1543 1552 d296d2 1543->1552 1553 d296be-d296c4 1543->1553 1545->1528 1550->1531 1561 d2954b-d2956d call dc0510 1550->1561 1557 d296d8-d296e3 call dc8d20 1552->1557 1556 d296c6-d296d1 call dc9980 1553->1556 1553->1557 1561->1538 1566 d29573-d29585 1561->1566
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memcpy.MSVCRT(00000001,!Z,00E45AC0), ref: 00D2937D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memcpy
                                                                                                                                                                                                    • String ID: !Z$!Z$2-by$called `Result::unwrap()` on an `Err` value$expa$nd 3$te k$Z
                                                                                                                                                                                                    • API String ID: 3510742995-4268648072
                                                                                                                                                                                                    • Opcode ID: f64bace392b1a5f310477d46f70c1901c42fa9f66739e60b9df9612d641c1e07
                                                                                                                                                                                                    • Instruction ID: 9aacc4c1f2fbd051e62481d1411aa0e30b004b3d1f135d281af4b7dbca300350
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f64bace392b1a5f310477d46f70c1901c42fa9f66739e60b9df9612d641c1e07
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8916C71908B849BD721DF14E841BABB7E9FFDA344F044A1EF8886B241EB709544CB72
                                                                                                                                                                                                    Function 00D341E0 Relevance: 6.5, APIs: 5, Instructions: 247COMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1711 d341e0-d341f3 1712 d34392-d343a6 call d8d7d0 TlsGetValue 1711->1712 1713 d341f9-d34203 TlsGetValue 1711->1713 1716 d34209 1712->1716 1722 d343ac 1712->1722 1715 d3438a-d34391 1713->1715 1713->1716 1718 d34388 1716->1718 1719 d3420f-d34214 1716->1719 1718->1715 1720 d34226-d3423f call d3a990 1719->1720 1721 d34216-d34220 1719->1721 1725 d34244-d34249 1720->1725 1721->1720 1723 d34328-d34346 call d2e240 1721->1723 1722->1715 1732 d34348-d34364 TlsGetValue TlsSetValue 1723->1732 1733 d343ae-d343ba call dad7c4 1723->1733 1727 d3424f-d342a2 call d36540 * 2 call d2e240 1725->1727 1728 d343bc-d34403 call db9fd0 1725->1728 1746 d34408-d34451 call dad7c4 call d2e250 call dd2fc0 1727->1746 1755 d342a8-d3431e memset 1727->1755 1742 d34406 1728->1742 1734 d34382-d34386 1732->1734 1735 d34366-d3436a 1732->1735 1733->1742 1734->1715 1740 d34375-d3437f call d2e250 1735->1740 1741 d3436c-d34372 call d36090 1735->1741 1740->1734 1741->1740 1742->1746 1760 d34453-d3445d call d2e250 1746->1760 1761 d34460-d34469 call dba251 1746->1761 1755->1723 1760->1761 1766 d3446b-d34475 call d36090 1761->1766 1767 d34478-d344a7 call dd2fc0 call dba251 1761->1767 1766->1767 1774 d344b6-d344be 1767->1774 1775 d344a9-d344b1 1767->1775 1777 d344c0-d344d7 1774->1777 1778 d344d9-d344df 1774->1778 1776 d3453b-d3454a call d34710 1775->1776 1777->1776 1780 d344e1-d34506 1778->1780 1781 d34508-d34536 1778->1781 1780->1776 1781->1776
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(-00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00D341FB
                                                                                                                                                                                                    • memset.MSVCRT ref: 00D342C2
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(00000000), ref: 00D34350
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(00000000,00000000,00000000), ref: 00D3435D
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00D3439E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Value$memset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3732838118-0
                                                                                                                                                                                                    • Opcode ID: ddb299176ec3113e4214138a0616f1dad98d73c3f2719a672fd1d6dda1f1426c
                                                                                                                                                                                                    • Instruction ID: d971be576d4dc3bd6be641ddde17a81e891d40679b1a1067e9b73cfba59b9914
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ddb299176ec3113e4214138a0616f1dad98d73c3f2719a672fd1d6dda1f1426c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 74912871D04740AFD701DB249C427EABBA4EFA5318F048618F9845B3D2E7B5A648C7B2
                                                                                                                                                                                                    Function 00D8A950 Relevance: 2.5, APIs: 2, Instructions: 14memoryCOMMON
                                                                                                                                                                                                    Download Yara Rule

                                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                                    • Executed
                                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                                    control_flow_graph 1791 d8a950-d8a95a GetProcessHeap 1792 d8a96a-d8a96d 1791->1792 1793 d8a95c-d8a969 HeapAlloc 1791->1793
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,00D7942C,?,?,?,?,?,?,?,?,?,?,?,?,80000000,?), ref: 00D8A953
                                                                                                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,?,?,00D7942C), ref: 00D8A963
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$AllocProcess
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1617791916-0
                                                                                                                                                                                                    • Opcode ID: d7fd53b4c5597121ba28862d77ff2c03ee8de1afbacbf0044e3576887307571b
                                                                                                                                                                                                    • Instruction ID: adc80a83f76203c22eb5901f3d0aaa9b8ed17f329dc3c6b45720482da46376a6
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7fd53b4c5597121ba28862d77ff2c03ee8de1afbacbf0044e3576887307571b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A3C08C3200430C2A9F003EF02C05A2B3F5CAF84320F480426FD0C80612E936D420DAB4

                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                    Function 00D83374 Relevance: 107.7, APIs: 49, Strings: 10, Instructions: 4422COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 00D833C7
                                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(?), ref: 00D83559
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D83EBD
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D871E3
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D87ABB
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseEnvironmentHandleStrings$ErrorFreeLast
                                                                                                                                                                                                    • String ID: program path has no file name$.exeprogram not found$?$H$PATHlibrary\std\src\sys_common\process.rs$\?\\$]?\\$assertion failed: is_code_point_boundary(self, new_len)$assertion failed: self.height > 0$exe\\.\NULexit code:
                                                                                                                                                                                                    • API String ID: 1593577933-227677938
                                                                                                                                                                                                    • Opcode ID: 9786350a9902a6a54278be5773cd3e7f04b79e67d4902bdc9b7beece213b75b2
                                                                                                                                                                                                    • Instruction ID: ee00d1f59de6e19738d255d0fddfcb277f6189112f4dbda280390ece0f784046
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9786350a9902a6a54278be5773cd3e7f04b79e67d4902bdc9b7beece213b75b2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7483C1719083419FD720EF24D881BAABBE5EFD5314F18892DE8C997352E770D905CBA2
                                                                                                                                                                                                    Function 00DD2110 Relevance: 53.0, APIs: 27, Strings: 3, Instructions: 494stringCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • kernel32.dll, xrefs: 00DDBAD5
                                                                                                                                                                                                    • RemoveVectoredExceptionHandler, xrefs: 00DDBB05
                                                                                                                                                                                                    • AddVectoredExceptionHandler, xrefs: 00DDBAF1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: strlen
                                                                                                                                                                                                    • String ID: AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$kernel32.dll
                                                                                                                                                                                                    • API String ID: 39653677-3889795909
                                                                                                                                                                                                    • Opcode ID: 4df824aca85ddb2a7f2ba1728a6218675ffafacea0b0a4e0e2f7d8f673bd4102
                                                                                                                                                                                                    • Instruction ID: 19a6707ae6bcde604353c26fc9dcdf554fe92d5315ee92bbde9873b79e040463
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4df824aca85ddb2a7f2ba1728a6218675ffafacea0b0a4e0e2f7d8f673bd4102
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B512B0B15087408FD720CF28C484776BBE1AFA5314F0D86AEE4D58B3A2D775E849DB62
                                                                                                                                                                                                    Function 00D8F02E Relevance: 45.6, APIs: 18, Strings: 6, Instructions: 3587COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • 4, xrefs: 00D91F9E
                                                                                                                                                                                                    • O, xrefs: 00D92CE6
                                                                                                                                                                                                    • O, xrefs: 00D922BC
                                                                                                                                                                                                    • .debug_abbrev.debug_addr.debug_aranges.debug_cu_index.debug_info.debug_line.debug_line_str.debug_loc.debug_loclists.debug_ranges.debug_rnglists.debug_str.debug_str_offsets.debug_tu_index.debug_types, xrefs: 00D900D3
                                                                                                                                                                                                    • P, xrefs: 00D912B2
                                                                                                                                                                                                    • .debug_abbrev.dwo.debug_info.dwo.debug_line.dwo.debug_loc.dwo.debug_loclists.dwo.debug_rnglists.dwo.debug_str.dwo.debug_str_offsets.dwo.debug_types.dwo, xrefs: 00D924A9
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: .debug_abbrev.debug_addr.debug_aranges.debug_cu_index.debug_info.debug_line.debug_line_str.debug_loc.debug_loclists.debug_ranges.debug_rnglists.debug_str.debug_str_offsets.debug_tu_index.debug_types$.debug_abbrev.dwo.debug_info.dwo.debug_line.dwo.debug_loc.dwo.debug_loclists.dwo.debug_rnglists.dwo.debug_str.dwo.debug_str_offsets.dwo.debug_types.dwo$4$O$O$P
                                                                                                                                                                                                    • API String ID: 0-793445337
                                                                                                                                                                                                    • Opcode ID: 1e66065edaee023c891e1342ca41443e765243558da510700794d42f4f36e88f
                                                                                                                                                                                                    • Instruction ID: 76b159575d100b6f5e9a78de9382ea212e1d677c8763de7b99fd9985df5120ca
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1e66065edaee023c891e1342ca41443e765243558da510700794d42f4f36e88f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A8325B19087819FD774CF28C480BABB7E1BFC9304F148A2EE9D997251DB709945CB62
                                                                                                                                                                                                    Function 00D7D750 Relevance: 42.7, APIs: 28, Instructions: 706COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetFileInformationByHandleEx.KERNEL32(?,00000000,?,00000028), ref: 00D7D7EF
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,00000028), ref: 00D7D828
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000000,?,00000028), ref: 00D7D837
                                                                                                                                                                                                    • GetFileInformationByHandleEx.KERNEL32(?,00000001,?,00000400), ref: 00D7D8CB
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00000001,?,00000400), ref: 00D7D8E1
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00000028), ref: 00D7DD9F
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000028), ref: 00D7DDB2
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00000028), ref: 00D7DE21
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Handle$Close$ErrorFileInformationLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4143594976-0
                                                                                                                                                                                                    • Opcode ID: f9723cdf5afd294ca178e94d6e484186b251873f9aa8df519921f927e59a7ecf
                                                                                                                                                                                                    • Instruction ID: d9df22e29b1c824ec7d0d6f6a2df51a816c20ed98329ac2ac0cb9fd4ba9fc637
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9723cdf5afd294ca178e94d6e484186b251873f9aa8df519921f927e59a7ecf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7242BD71508340ABD7209F24C841B6BBBF6EFD9314F18891DF99897292E7B1D944CBB2
                                                                                                                                                                                                    Function 00DD4260 Relevance: 24.9, APIs: 11, Strings: 3, Instructions: 396COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • kernel32.dll, xrefs: 00DDBAD5
                                                                                                                                                                                                    • RemoveVectoredExceptionHandler, xrefs: 00DDBB05
                                                                                                                                                                                                    • AddVectoredExceptionHandler, xrefs: 00DDBAF1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$kernel32.dll
                                                                                                                                                                                                    • API String ID: 0-3889795909
                                                                                                                                                                                                    • Opcode ID: c5f4910ac5b88c43036480261631739c2c65836e223fb0ff4a81028516d8417a
                                                                                                                                                                                                    • Instruction ID: a31228edb033fdb341f36ad36bc9f3add5b2d635ac232490d52c2d81921b1803
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c5f4910ac5b88c43036480261631739c2c65836e223fb0ff4a81028516d8417a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4E18E71A047018FCB14DF29D48066AB7E1FF84314F598A6FE899AB305DB30ED45CBA2
                                                                                                                                                                                                    Function 00D8C2B0 Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 428COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00D8C3F1
                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,00000000,00000002,00000000,00000000), ref: 00D8C400
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,00000000,00000000,?,00000000,00000002,00000000,00000000), ref: 00D8C40B
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,00000000,00000000,?,00000000,00000002,00000000,00000000), ref: 00D8C41C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$FullNamePath
                                                                                                                                                                                                    • String ID: \\?\$\\?\UNC\
                                                                                                                                                                                                    • API String ID: 2482867836-3019864461
                                                                                                                                                                                                    • Opcode ID: 9ffb4a5b0a20099cdf26a43dfc35476268b3bcdd18ad5a8cb78e0924b0c39ea1
                                                                                                                                                                                                    • Instruction ID: 7db348ebb468678de0640969293ac75bd745ef43b804ba0055380117616b9c33
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ffb4a5b0a20099cdf26a43dfc35476268b3bcdd18ad5a8cb78e0924b0c39ea1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 99F1A1B1E10215DBCF20EF98C885AAEB7B1FF54314F189029E815AB251E770EC46CBB1
                                                                                                                                                                                                    Function 00DB5260 Relevance: 11.9, Strings: 9, Instructions: 621COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: +NaNinf00e00E0assertion failed: ndigits > 0$\}$assertion failed: buf.len() >= MAX_SIG_DIGITS$assertion failed: d.mant + d.plus < (1 << 61)$assertion failed: d.mant > 0$assertion failed: d.mant.checked_add(d.plus).is_some()$assertion failed: d.mant.checked_sub(d.minus).is_some()$assertion failed: d.minus > 0$assertion failed: edelta >= 0library\core\src\num\diy_float.rs
                                                                                                                                                                                                    • API String ID: 0-2274042458
                                                                                                                                                                                                    • Opcode ID: 2de4e176fc2e7624f6b15a55674b243a26dbe88068ff35bd88651f4381473548
                                                                                                                                                                                                    • Instruction ID: cf9049333adee73974c0d48b30dc01381c528b40ece6c3febab5982b2028f83f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2de4e176fc2e7624f6b15a55674b243a26dbe88068ff35bd88651f4381473548
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6324875A087019FC704CF2DD880B5AF7E2AFC8754F198A2DF899A73A5D670D8058B92
                                                                                                                                                                                                    Function 00D25680 Relevance: 11.0, APIs: 5, Strings: 2, Instructions: 457COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memcpy$memset
                                                                                                                                                                                                    • String ID: !Z$Q7
                                                                                                                                                                                                    • API String ID: 438689982-1704855296
                                                                                                                                                                                                    • Opcode ID: 51cd769674b17652000b33d8aa882b98000c20deab7dd4487be4c678346ddde5
                                                                                                                                                                                                    • Instruction ID: 815204279701f5ffb6fa1f4259e10989e8a4910731af52b3842729f4a9e0a591
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 51cd769674b17652000b33d8aa882b98000c20deab7dd4487be4c678346ddde5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 431271A18093D09EE7029B38A82D79B7F905F6631CF1C45BCE4D80E283D677955AC7B2
                                                                                                                                                                                                    Function 00D347F0 Relevance: 9.9, Strings: 7, Instructions: 1131COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: 2-by$expa$expand 3$nd 32-by$te k2-by$te k2-byexpate knd 3$te knd 3expa
                                                                                                                                                                                                    • API String ID: 0-1772262818
                                                                                                                                                                                                    • Opcode ID: 1391a8e0975a9adc2b0a8bfe7d6b8fa79609e5bb0249d7250758481f8c467e98
                                                                                                                                                                                                    • Instruction ID: f667fa7c937909993b3b22ebc1cdef48890763d3a36d1e98adb727708446c2eb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1391a8e0975a9adc2b0a8bfe7d6b8fa79609e5bb0249d7250758481f8c467e98
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9E244B0D012288FDB64CFA9C984BCDFBF1BF88314F6581AAD409B7215D7706A968F54
                                                                                                                                                                                                    Function 00D811A0 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 407windowCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCRT ref: 00D811C6
                                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(NTDLL.DLL), ref: 00D811E2
                                                                                                                                                                                                    • FormatMessageW.KERNEL32(00001200,00000000,?,00000000,?,00000800,00000000), ref: 00D8120E
                                                                                                                                                                                                    • GetLastError.KERNEL32(00001200,00000000,?,00000000,?,00000800,00000000), ref: 00D81274
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorFormatHandleLastMessageModulememset
                                                                                                                                                                                                    • String ID: NTDLL.DLL
                                                                                                                                                                                                    • API String ID: 1434010500-1613819793
                                                                                                                                                                                                    • Opcode ID: e451c3002f5521537ccb30fbb89dbd953ce35c3b544549ebbee98dad532cae1d
                                                                                                                                                                                                    • Instruction ID: e0426aceba64393712bae3d0289af5c7675357175990cf19c71b2f36fe8cde3a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e451c3002f5521537ccb30fbb89dbd953ce35c3b544549ebbee98dad532cae1d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A2E19F76D00219ABDF10EF94DC82AEEBBBCEF49354F180125F905B7241E771994A8BB4
                                                                                                                                                                                                    Function 00D2B3D0 Relevance: 9.1, Strings: 6, Instructions: 1608COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID: 2-bynd 3$expa$expa$te k2-bynd 3$te k2-bynd 3$te kexpate k2-bynd 3expa
                                                                                                                                                                                                    • API String ID: 3859560861-1169423403
                                                                                                                                                                                                    • Opcode ID: b3bfee0bd5dba486e5d42040b4a3bcdae1049ce0dde488c11a7bfe1c92ddc570
                                                                                                                                                                                                    • Instruction ID: 792a746850d30a6e4907c56ee726d6080f74906f71daa495c46037dc816b4c1a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b3bfee0bd5dba486e5d42040b4a3bcdae1049ce0dde488c11a7bfe1c92ddc570
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F8039CB0D002288BDF64CF69D981BDDBBB5BF48318F1581AAE409B7211D770AE95CF64
                                                                                                                                                                                                    Function 00D2B3E9 Relevance: 9.1, Strings: 6, Instructions: 1599COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID: 2-bynd 3$expa$expa$te k2-bynd 3$te k2-bynd 3$te kexpate k2-bynd 3expa
                                                                                                                                                                                                    • API String ID: 3859560861-1169423403
                                                                                                                                                                                                    • Opcode ID: 97f48c8a2df15bce88681cfdd8023e39d4d935f3ea2e86bb036e49e5159a010f
                                                                                                                                                                                                    • Instruction ID: b911fb70c05569916553219500ce86dbfed7183d6495b33dc373e1ca3ad90cf4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 97f48c8a2df15bce88681cfdd8023e39d4d935f3ea2e86bb036e49e5159a010f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14039CB0D002288BDB64CF69D981BDDFBB5BF48318F1581AAE409B7211D7706E958F64
                                                                                                                                                                                                    Function 00D2B402 Relevance: 9.1, Strings: 6, Instructions: 1590COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID: 2-bynd 3$expa$expa$te k2-bynd 3$te k2-bynd 3$te kexpate k2-bynd 3expa
                                                                                                                                                                                                    • API String ID: 3859560861-1169423403
                                                                                                                                                                                                    • Opcode ID: 5a53c02f49d76ba054c5d8cdedf8ccb7d9c4aa8412a1ef7929b9f78e25328295
                                                                                                                                                                                                    • Instruction ID: 98897ebe586da3d458b0c69fcaf909a5a03a58528d82afbc34c9b1164dd02c34
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5a53c02f49d76ba054c5d8cdedf8ccb7d9c4aa8412a1ef7929b9f78e25328295
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB039BB0D002288FDB64CFA9D981BDDFBB5BF48318F1581AAE409B7211D7706E958F64
                                                                                                                                                                                                    Function 00D2B421 Relevance: 9.1, Strings: 6, Instructions: 1581COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID: 2-bynd 3$expa$expa$te k2-bynd 3$te k2-bynd 3$te kexpate k2-bynd 3expa
                                                                                                                                                                                                    • API String ID: 3859560861-1169423403
                                                                                                                                                                                                    • Opcode ID: d0d6c653647b1ac2fc5204ca45a0add7fe6ca094c464a0d1f0e59dc988b86494
                                                                                                                                                                                                    • Instruction ID: 02aa6bee82e9a0f4669cddea974ff44793cabf30520e6f59127b0a61db193fdf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d0d6c653647b1ac2fc5204ca45a0add7fe6ca094c464a0d1f0e59dc988b86494
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5E039BB0D002288BDB64CFA9D981BDDFBB5BF88314F1581AAE409B7211D7706E95CF64
                                                                                                                                                                                                    Function 00D2B440 Relevance: 9.1, Strings: 6, Instructions: 1572COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID: 2-bynd 3$expa$expa$te k2-bynd 3$te k2-bynd 3$te kexpate k2-bynd 3expa
                                                                                                                                                                                                    • API String ID: 3859560861-1169423403
                                                                                                                                                                                                    • Opcode ID: 2d908bec1a1d2e581b9ce5a7d83b88b4ebd8b32afe260412c86cb5c25306573d
                                                                                                                                                                                                    • Instruction ID: bfaf6fc91c9be94e9e45d3e9f960c047eab71b6299325c5fa01d12e41be01150
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d908bec1a1d2e581b9ce5a7d83b88b4ebd8b32afe260412c86cb5c25306573d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 47039BB0D002288BDB64CFA9D981BDDFBB5BF88314F1581AAE409B7211D7706E95CF64
                                                                                                                                                                                                    Function 00D705A0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 316threadCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InitializeProcThreadAttributeList.KERNEL32(00000000,?,00000000,00000000), ref: 00D705C2
                                                                                                                                                                                                    • InitializeProcThreadAttributeList.KERNEL32(00000001,?,00000000,00000000,00000000,?,00000000,00000000), ref: 00D70663
                                                                                                                                                                                                    • UpdateProcThreadAttribute.KERNEL32(?,00000000,?,?,?,00000000,00000000,00000001,?,00000000,00000000,00000000,?,00000000,00000000), ref: 00D70746
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • panicked at :fulllibrary\std\src\path.rs, xrefs: 00D70843
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AttributeProcThread$InitializeList$Update
                                                                                                                                                                                                    • String ID: panicked at :fulllibrary\std\src\path.rs
                                                                                                                                                                                                    • API String ID: 3806694049-4028486446
                                                                                                                                                                                                    • Opcode ID: 0d796f54b4178da69a25daf57de0841b42c0c20e62f5ee71bc84f1630d93aea5
                                                                                                                                                                                                    • Instruction ID: 73507b31f872d093339366c5b0187b892f9c7c42725812b1d8daa584a743c450
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0d796f54b4178da69a25daf57de0841b42c0c20e62f5ee71bc84f1630d93aea5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AEB1D575A00310DBDB149F54D891BAABBA9EF95304F08C42DFD49AB382E771AC05CBB1
                                                                                                                                                                                                    Function 00D2B45F Relevance: 9.1, Strings: 6, Instructions: 1563COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID: 2-bynd 3$expa$expa$te k2-bynd 3$te k2-bynd 3$te kexpate k2-bynd 3expa
                                                                                                                                                                                                    • API String ID: 3859560861-1169423403
                                                                                                                                                                                                    • Opcode ID: 532962badd38df1cb995748a58e9fdd6c4e6288cdcdf5b2eddac7b7c85a74756
                                                                                                                                                                                                    • Instruction ID: 4ea593d512eefa49364e72280f81768a6fc97893d1d3bfc25f567edd79f50d0d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 532962badd38df1cb995748a58e9fdd6c4e6288cdcdf5b2eddac7b7c85a74756
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 40038BB0D002288BDB64CFA9D981BDDFBB5BF88314F1581AAE409B7211D7706E95CF64
                                                                                                                                                                                                    Function 00D2B47E Relevance: 9.1, Strings: 6, Instructions: 1554COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID: 2-bynd 3$expa$expa$te k2-bynd 3$te k2-bynd 3$te kexpate k2-bynd 3expa
                                                                                                                                                                                                    • API String ID: 3859560861-1169423403
                                                                                                                                                                                                    • Opcode ID: 07ecdccdceb3101277b9e4b56625270e025fe5ad9bc3cd12b1419d8d0e5065cd
                                                                                                                                                                                                    • Instruction ID: 097d862ff8921028f0028775614ee3c16aba30965fcb5c385e28fee202934842
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 07ecdccdceb3101277b9e4b56625270e025fe5ad9bc3cd12b1419d8d0e5065cd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14038AB0D002288BDB64CFA9D981BDDFBB5BF88314F1581AAE409B7211D7706E95CF64
                                                                                                                                                                                                    Function 00D2B49D Relevance: 9.0, Strings: 6, Instructions: 1545COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID: 2-bynd 3$expa$expa$te k2-bynd 3$te k2-bynd 3$te kexpate k2-bynd 3expa
                                                                                                                                                                                                    • API String ID: 3859560861-1169423403
                                                                                                                                                                                                    • Opcode ID: b9f984c8f28114fb4950daa2d55bf18ddf86b999a331c8ed514b31ddf38ab385
                                                                                                                                                                                                    • Instruction ID: baa90c73b54085c044225738788aead0d68fc611143bd5973da818665fb59951
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9f984c8f28114fb4950daa2d55bf18ddf86b999a331c8ed514b31ddf38ab385
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E6038AB0D002288FDB64CFA9D981B9DFBB5BF88314F1581AAE409B7211D7706E95CF64
                                                                                                                                                                                                    Function 00D2C2BB Relevance: 8.7, Strings: 6, Instructions: 1154COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID: 2-bynd 3$expa$expa$te k2-bynd 3$te k2-bynd 3$te kexpate k2-bynd 3expa
                                                                                                                                                                                                    • API String ID: 3859560861-1169423403
                                                                                                                                                                                                    • Opcode ID: 493cbb696afc764adfdf4cd0c010092deedfd2ad82f3e2a1a88f88279add4c1b
                                                                                                                                                                                                    • Instruction ID: 3fd0f41c50a28613065639aff45721f5360485f7fce8ed23f74bfddafecad585
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 493cbb696afc764adfdf4cd0c010092deedfd2ad82f3e2a1a88f88279add4c1b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7EE253B0D012288FDB64CFA9C980BDDFBB1BF88314F2581AAD509B7215D7706A95CF94
                                                                                                                                                                                                    Function 00D2C2E0 Relevance: 8.6, Strings: 6, Instructions: 1147COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: 2-bynd 3$expa$expa$te k2-bynd 3$te k2-bynd 3$te kexpate k2-bynd 3expa
                                                                                                                                                                                                    • API String ID: 0-1169423403
                                                                                                                                                                                                    • Opcode ID: 5b4e6dc10e4845c98df1a516c390e4f0a8b47a4ab8de50f9d2de8cc8d659db94
                                                                                                                                                                                                    • Instruction ID: 318c85beef055dc6f5e716111c30605f43f572dea4c5a2d74f42b7a7c06b2aac
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b4e6dc10e4845c98df1a516c390e4f0a8b47a4ab8de50f9d2de8cc8d659db94
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5DE252B0D012288FDB64CFA9C980BDDFBB1BF88314F2581AAD509B7215D7706A95CF94
                                                                                                                                                                                                    Function 00DA0684 Relevance: 8.2, Strings: 6, Instructions: 734COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: 11tf$21tf$fs10$fs11$ft10$zero
                                                                                                                                                                                                    • API String ID: 0-3297899624
                                                                                                                                                                                                    • Opcode ID: 392d2f25d44e45a3f4478907d7506dfbff153e0ad2e0708c9d3bfbe1bfcbb4cd
                                                                                                                                                                                                    • Instruction ID: 521ff62b784e6d35659b34a81ccbf222211fd85b0eef1771fe468aaf48e5a56f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 392d2f25d44e45a3f4478907d7506dfbff153e0ad2e0708c9d3bfbe1bfcbb4cd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A429E1C40C2B18CD7AA5B26C4260737AE2DF5B741B4F8097D7C74FAF9D1698B80A2B1
                                                                                                                                                                                                    Function 00DB0190 Relevance: 8.0, APIs: 3, Strings: 2, Instructions: 484COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,00000000,00000003,?,?,?,00001200,00000000), ref: 00DB0352
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memcpy
                                                                                                                                                                                                    • String ID: @k$@k
                                                                                                                                                                                                    • API String ID: 3510742995-1676244581
                                                                                                                                                                                                    • Opcode ID: 7333287da004dc55299fead2c8d73d515df960c17d95f48116f3582458628a8c
                                                                                                                                                                                                    • Instruction ID: f133425045fb6a0750ec18c71685474cbb7a0c30b45c8f7ca40a3361a5d4f45e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7333287da004dc55299fead2c8d73d515df960c17d95f48116f3582458628a8c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 19028E72E00219CFDF10CF98C8817EFBBB4EB59314F184569E856A7381D678AA45DBB0
                                                                                                                                                                                                    Function 00D7F651 Relevance: 7.8, APIs: 5, Instructions: 275filenativesynchronizationCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • NtReadFile.NTDLL(?,00000000,00000000,00000000,00000103,?,?,00000000,00000000), ref: 00D7F7C0
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,00000000,00000000,00000103,?,?,00000000,00000000), ref: 00D7F7D1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileObjectReadSingleWait
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 631497895-0
                                                                                                                                                                                                    • Opcode ID: d278ed7dfd5868cc0e7e0324b0533814112cb6ffedc6906971760babaa276f98
                                                                                                                                                                                                    • Instruction ID: db52fe5210db56d28babe43e8a6168cfd418a35a2c01b8d8809f658ed37787a9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d278ed7dfd5868cc0e7e0324b0533814112cb6ffedc6906971760babaa276f98
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26B191B1A002199FDB24CF98D850BAEBBF5FF48314F248529E859E7341E375E945CBA0
                                                                                                                                                                                                    Function 00DB74A1 Relevance: 7.6, Strings: 6, Instructions: 131COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: \u$\u${${$}$}
                                                                                                                                                                                                    • API String ID: 0-582841131
                                                                                                                                                                                                    • Opcode ID: e6e947eea89db5448a336d2ca07fbc3b985848f50500bb6001c10bcbe1d6f67a
                                                                                                                                                                                                    • Instruction ID: df33ad9f5e7ebba573161da9c76d4d211db8f9e59efe2aa02236ef7432532ca7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e6e947eea89db5448a336d2ca07fbc3b985848f50500bb6001c10bcbe1d6f67a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 26514722E1AAD586C7558B7845102EEFFF21FEA211F2D829BC4992F383C6358605C7B5
                                                                                                                                                                                                    Function 00DA719E Relevance: 7.6, Strings: 6, Instructions: 123COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: \u$\u${${$}$}
                                                                                                                                                                                                    • API String ID: 0-582841131
                                                                                                                                                                                                    • Opcode ID: fa05b7f4960a5d455b7df260376a3542df92801b402f294437297aad9ed272e8
                                                                                                                                                                                                    • Instruction ID: 4084b7fb3af15ad2e0c4932f930b996196f79bae5780cf0e11b52337943128f9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa05b7f4960a5d455b7df260376a3542df92801b402f294437297aad9ed272e8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 69415712E0ABC585D7418B7448102BEFFB21FE6210F6D87AAC4AD2F383C6349145D3B5
                                                                                                                                                                                                    Function 00DAC5E0 Relevance: 7.2, Strings: 5, Instructions: 957COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • .g, xrefs: 00DACD54
                                                                                                                                                                                                    • __ZN, xrefs: 00DACA5B
                                                                                                                                                                                                    • .g, xrefs: 00DAC935
                                                                                                                                                                                                    • .llvm./rust/deps\rustc-demangle-0.1.24\src\lib.rs, xrefs: 00DAC5F8
                                                                                                                                                                                                    • `fmt::Error`s should be impossible without a `fmt::Formatter`, xrefs: 00DAD230
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memcmp
                                                                                                                                                                                                    • String ID: .g$.g$.llvm./rust/deps\rustc-demangle-0.1.24\src\lib.rs$__ZN$`fmt::Error`s should be impossible without a `fmt::Formatter`
                                                                                                                                                                                                    • API String ID: 1475443563-4161860961
                                                                                                                                                                                                    • Opcode ID: 265c83aecc94b97e6ffeeb076f7aa35e53bd671721d9135e59845e4082d7d428
                                                                                                                                                                                                    • Instruction ID: ce530eb2ad723638e2050a4f9ce346d5ab6fade05dc5f71718be6331f837e241
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 265c83aecc94b97e6ffeeb076f7aa35e53bd671721d9135e59845e4082d7d428
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B72E472A187519FD714CF18C49066AB7E2FFC6320F188A1DF8A69B291D374DD41CBA2
                                                                                                                                                                                                    Function 00DB3040 Relevance: 6.8, Strings: 5, Instructions: 577COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • FFFF, xrefs: 00DB308B
                                                                                                                                                                                                    • cannot parse float from empty stringinvalid float literalassertion failed: edelta >= 0library\core\src\num\diy_float.rs, xrefs: 00DB3729
                                                                                                                                                                                                    • (z, xrefs: 00DB36FE
                                                                                                                                                                                                    • FFFF, xrefs: 00DB323B
                                                                                                                                                                                                    • -, xrefs: 00DB36C4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: (z$-$FFFF$FFFF$cannot parse float from empty stringinvalid float literalassertion failed: edelta >= 0library\core\src\num\diy_float.rs
                                                                                                                                                                                                    • API String ID: 0-2673944413
                                                                                                                                                                                                    • Opcode ID: 5314109b0f871ab6d5a9175e9c2a39e63bb71bbf2de2b9a87ce42c6b84730d38
                                                                                                                                                                                                    • Instruction ID: 2a0c13da876e8e0315e820fab72376836760a80a4a6a01d100e6544a6f47dc66
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5314109b0f871ab6d5a9175e9c2a39e63bb71bbf2de2b9a87ce42c6b84730d38
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 58226F71E002198FCB18CF9DC8807EEBBF2FF89314F298129D415AB395D7749A459BA0
                                                                                                                                                                                                    Function 00DB2610 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 267COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memset$memcpy
                                                                                                                                                                                                    • String ID: -
                                                                                                                                                                                                    • API String ID: 368790112-2547889144
                                                                                                                                                                                                    • Opcode ID: 69d1cb1a9860dbf35956f31e9fc9ef1b9e33449f4ece9e863f5c05db5492577d
                                                                                                                                                                                                    • Instruction ID: 8f79a6befe71d57796474fdeb768393f48d4286638ed574f51397aaf7425cec8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 69d1cb1a9860dbf35956f31e9fc9ef1b9e33449f4ece9e863f5c05db5492577d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3891F976E00259CBDF25CE69C8807FEB7A6FF48310F5C8569D85667280E730AE418BB0
                                                                                                                                                                                                    Function 00D7E620 Relevance: 6.2, APIs: 4, Instructions: 226COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D7E78A
                                                                                                                                                                                                    • memset.MSVCRT ref: 00D7E7A7
                                                                                                                                                                                                    • FindFirstFileExW.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 00D7E7C2
                                                                                                                                                                                                    • FindClose.KERNEL32(00000000,?,00000001,?,00000000,00000000,00000000), ref: 00D7E7D4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseFind$FileFirstHandlememset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4181070385-0
                                                                                                                                                                                                    • Opcode ID: 7ecbe1628e7cd48f7581625cf54dc9eca581097102232d79518f2467efe830e0
                                                                                                                                                                                                    • Instruction ID: 3d4b89e32a2f8c2e5bc5b514b1516757b85d3f037a1b9e52ba135fea07739d00
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7ecbe1628e7cd48f7581625cf54dc9eca581097102232d79518f2467efe830e0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E917CB0E003199FEB24CF94D885BAEBBF5EF58304F148459E849AB381E774A944CF61
                                                                                                                                                                                                    Function 00D8E0F0 Relevance: 6.1, APIs: 4, Instructions: 101networkCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00D803A0: WSASocketW.WS2_32(00000002,00D6E889,00000000,00000000,00000000,00000081), ref: 00D803CC
                                                                                                                                                                                                    • bind.WS2_32(?,?,00000010), ref: 00D8E1D4
                                                                                                                                                                                                    • listen.WS2_32(?,00000080), ref: 00D8E1E4
                                                                                                                                                                                                    • WSAGetLastError.WS2_32 ref: 00D8E1F6
                                                                                                                                                                                                    • closesocket.WS2_32(?), ref: 00D8E20C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLastSocketbindclosesocketlisten
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1850986032-0
                                                                                                                                                                                                    • Opcode ID: a26d09a11970176c06c35a5206041e92d59164d2ab731c020be7574e8fa5da36
                                                                                                                                                                                                    • Instruction ID: 55204dcff3ce722965c544ecf48a171cc8dace070d86797a1620de1ab594ed0f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a26d09a11970176c06c35a5206041e92d59164d2ab731c020be7574e8fa5da36
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9141B2708043599EDB10DF68C880BAEBBF5EF55310F18C55AE998AB342E334E944CB71
                                                                                                                                                                                                    Function 00D7C080 Relevance: 6.1, APIs: 4, Instructions: 101filenativeCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • NtOpenFile.NTDLL(00000000,?,?,00000103,00000007,?), ref: 00D7C0F7
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileOpen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2669468079-0
                                                                                                                                                                                                    • Opcode ID: 0e41b68e605035bd08c70b3d8171141ede838c57dab4feadddf154022c3baffc
                                                                                                                                                                                                    • Instruction ID: 40c2a8be71f949f8ec4c15f7b71db53cb157f15397cc3598356bd87d015b63b5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e41b68e605035bd08c70b3d8171141ede838c57dab4feadddf154022c3baffc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA313EB09103099FEB14DF94D895BEFBBB8EB48304F54542EE949E7241E3749984CBB1
                                                                                                                                                                                                    Function 00D807B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69networkCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • recv.WS2_32(?,?,7FFFFFFF,00000000), ref: 00D80832
                                                                                                                                                                                                    • WSAGetLastError.WS2_32(?,?,7FFFFFFF,00000000,?,?,assertion failed: socket != sys::c::INVALID_SOCKET as RawSocketlibrary\std\src\os\windows\io\socket.rs,0000003F,00E4AED4), ref: 00D8083C
                                                                                                                                                                                                      • Part of subcall function 00D70330: memset.MSVCRT ref: 00D70350
                                                                                                                                                                                                      • Part of subcall function 00D70330: GetCurrentProcessId.KERNEL32 ref: 00D7035A
                                                                                                                                                                                                      • Part of subcall function 00D70330: WSADuplicateSocketW.WS2_32(0F08C483,00000000,?), ref: 00D70362
                                                                                                                                                                                                      • Part of subcall function 00D70330: WSASocketW.WS2_32(?,?,?,?,00000000,00000081), ref: 00D70386
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • assertion failed: socket != sys::c::INVALID_SOCKET as RawSocketlibrary\std\src\os\windows\io\socket.rs, xrefs: 00D80805
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Socket$CurrentDuplicateErrorLastProcessmemsetrecv
                                                                                                                                                                                                    • String ID: assertion failed: socket != sys::c::INVALID_SOCKET as RawSocketlibrary\std\src\os\windows\io\socket.rs
                                                                                                                                                                                                    • API String ID: 3340724250-42570012
                                                                                                                                                                                                    • Opcode ID: f3846dbf804ff2e63f43a066390e144f5dbe7252c4e6115c045177e2b73da6ef
                                                                                                                                                                                                    • Instruction ID: 78d41dd20cd6c3bbcd643acc029e64832aaa7d6117efe7b7596fda1f4f674383
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f3846dbf804ff2e63f43a066390e144f5dbe7252c4e6115c045177e2b73da6ef
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF21D831A00258ABCB20AF68D8405EDBBA5DF05330F14856AF9B9D73D0D630A944CBA1
                                                                                                                                                                                                    Function 00D6C2AE Relevance: 4.8, APIs: 3, Instructions: 266COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: db616937e1de4e7669cd4d408b45d5e79a9c96f40831b32cabe570f83d421b37
                                                                                                                                                                                                    • Instruction ID: e392b15805bf97123c46917e0881f4be38a31d25767776ea4bd2dae96611b5d9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: db616937e1de4e7669cd4d408b45d5e79a9c96f40831b32cabe570f83d421b37
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8CB17CB5E10259CFDB14CF98C890BEDBBB1AF49304F28815AE495AB391D374A941CF60
                                                                                                                                                                                                    Function 00D8E4A0 Relevance: 4.6, APIs: 3, Instructions: 95networkCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • bind.WS2_32(?,?,00000010), ref: 00D8E57E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: bind
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1187836755-0
                                                                                                                                                                                                    • Opcode ID: 01d5bc96df894329c81adbdb7b81a57a0d1a50cfe7af5a31b262a0f806918c56
                                                                                                                                                                                                    • Instruction ID: eeece6ae27f4d680b03f7647fb178eb024d10393816422e327a8a6428f4814ca
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 01d5bc96df894329c81adbdb7b81a57a0d1a50cfe7af5a31b262a0f806918c56
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C441D270909299DFCB10DF68D580AAEBBF1EF55304F18C49AE8995B382E335E944CB71
                                                                                                                                                                                                    Function 00D5E6C9 Relevance: 4.5, Strings: 3, Instructions: 790COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: O$O$O
                                                                                                                                                                                                    • API String ID: 0-1604089782
                                                                                                                                                                                                    • Opcode ID: 916451372e31eb55dae78e2a022311c8cb43f44b7dd1b0be704b8cd70878464d
                                                                                                                                                                                                    • Instruction ID: 67616489c7f4012aa72b19dc89389b3041ae6c6c5d2f1318a6c68d4fc140385d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 916451372e31eb55dae78e2a022311c8cb43f44b7dd1b0be704b8cd70878464d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AB8217759087418FC724CF19C480A5AFBE1BF98311F158A6DECD99B362D730E949CBA2
                                                                                                                                                                                                    Function 00DC5380 Relevance: 4.3, Strings: 3, Instructions: 576COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: $-$NAN
                                                                                                                                                                                                    • API String ID: 0-3673145351
                                                                                                                                                                                                    • Opcode ID: 7c4033cad07f087f2187d34b8f336ff4a5a6ae2557bc66f14418aecc99949da7
                                                                                                                                                                                                    • Instruction ID: c9b5b019aeb871a105175edace22e8ec3c95e4f38138dfcffe48a43334b29a59
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c4033cad07f087f2187d34b8f336ff4a5a6ae2557bc66f14418aecc99949da7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51223871908746CFC710CF24E880BAEB7E5FF85314F18892DE885A7285D775E989CBA1
                                                                                                                                                                                                    Function 00DCA370 Relevance: 4.3, Strings: 3, Instructions: 525COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: -+NaNinf00e00E0assertion failed: ndigits > 0$.$d
                                                                                                                                                                                                    • API String ID: 0-1458908954
                                                                                                                                                                                                    • Opcode ID: d180bec714e6f0dbbaceb34f82378888fa25246c28d55031f8905974533aa1a9
                                                                                                                                                                                                    • Instruction ID: 56dec51c5f85e4a79cfe565d3657cdb209423d40e920aac6f3ca538b7cac6fa9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d180bec714e6f0dbbaceb34f82378888fa25246c28d55031f8905974533aa1a9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7902E372F0022A8FDF18CE6DC895BADB6F6AF88304F19813DD809EB391D6759D058791
                                                                                                                                                                                                    Function 00D36540 Relevance: 3.7, Strings: 2, Instructions: 1198COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • te kexpate k2-byte kte k2-by2-bynd 3nd 3expa2-byexpand 3, xrefs: 00D36856
                                                                                                                                                                                                    • nd 3expa, xrefs: 00D368A4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: nd 3expa$te kexpate k2-byte kte k2-by2-bynd 3nd 3expa2-byexpand 3
                                                                                                                                                                                                    • API String ID: 0-2854347106
                                                                                                                                                                                                    • Opcode ID: 2b2ef7bf626ba3561d90350d0672682bb1427ab6151d2fbfd63804d0ef1256a2
                                                                                                                                                                                                    • Instruction ID: 7fbfcfe1781a543d6842949524f7d4fe33bd5dcd8bbbdb4fc143094fad4e9c41
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b2ef7bf626ba3561d90350d0672682bb1427ab6151d2fbfd63804d0ef1256a2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4FE25AB0D012288FDB68CF99C984BDDFBB1BF88314F6581AAD409B7215D7346A86CF54
                                                                                                                                                                                                    Function 00D390B0 Relevance: 3.7, Strings: 2, Instructions: 1178COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • te kexpate k2-byte kte k2-by2-bynd 3nd 3expa2-byexpand 3, xrefs: 00D39386
                                                                                                                                                                                                    • nd 3expa, xrefs: 00D393D4
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: nd 3expa$te kexpate k2-byte kte k2-by2-bynd 3nd 3expa2-byexpand 3
                                                                                                                                                                                                    • API String ID: 0-2854347106
                                                                                                                                                                                                    • Opcode ID: 64ed0acc27c8227c16d32ef560bab9731505e12ab7309660c7c83622f68fff33
                                                                                                                                                                                                    • Instruction ID: 90f6a4dae1b1b7e1317ac6961d2855868db36c7d5160f417c14cb9bc9a2d59e2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 64ed0acc27c8227c16d32ef560bab9731505e12ab7309660c7c83622f68fff33
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0E259B0D012288FDB68CF99C984BDDFBB1BF88314F6581AAD409B7215D7346A86CF54
                                                                                                                                                                                                    Function 00D41080 Relevance: 3.0, APIs: 2, Instructions: 500COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 701328e23a0e5dc6adafd7ed6b7304df9096c2c5af97ebf4c13bbf5a1365ffbc
                                                                                                                                                                                                    • Instruction ID: 58a22d64bb21b47b95f3efd2349201c4bbc47173e8c4558fb3de0e4941f32f3d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 701328e23a0e5dc6adafd7ed6b7304df9096c2c5af97ebf4c13bbf5a1365ffbc
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F012BF75A047019FCB14CF18C880A6AB7F2FFC9354F198A1DE5899B351D770E985CBA2
                                                                                                                                                                                                    Function 00D40290 Relevance: 3.0, APIs: 2, Instructions: 500COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9d20080d5f17355b49bba04f9ac84e2d96974d37429b8600816d4b17ab09c53b
                                                                                                                                                                                                    • Instruction ID: dac3a5dcd7dd7ba2541f02ff7e7a83a2ee7531cb28faaf9d4f5748383f5dc549
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d20080d5f17355b49bba04f9ac84e2d96974d37429b8600816d4b17ab09c53b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 68129071A087019FCB14CF18C880A6ABBE6FFC9354F158A1DF6899B351D730E945CBA2
                                                                                                                                                                                                    Function 00D41720 Relevance: 2.9, APIs: 2, Instructions: 424COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 2cddcd4f8e800f8c1d161ef288d1f7d3b86d5a7ad7660ea52d0ae7d7d10d6a89
                                                                                                                                                                                                    • Instruction ID: 7280feba324ec7443a6a24882bbe750ba9814c4fe4f725bd9267555ad081475c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2cddcd4f8e800f8c1d161ef288d1f7d3b86d5a7ad7660ea52d0ae7d7d10d6a89
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7F16E75E002199FCF24CF98C981AEEB7B6FF89310F198129E855B7351D631AD81CBA4
                                                                                                                                                                                                    Function 00D26640 Relevance: 2.9, Strings: 2, Instructions: 374COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • called `Result::unwrap()` on an `Err` valueRng::fill failed~\.cargo\registry\src\index.crates.io-1949cf8c6b5b557f\rand-0.8.5\src\rng.rs, xrefs: 00D26845
                                                                                                                                                                                                    • XP, xrefs: 00D2684F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: XP$called `Result::unwrap()` on an `Err` valueRng::fill failed~\.cargo\registry\src\index.crates.io-1949cf8c6b5b557f\rand-0.8.5\src\rng.rs
                                                                                                                                                                                                    • API String ID: 0-605685950
                                                                                                                                                                                                    • Opcode ID: 78bdc02ec41206bf25ff312e6d18498b56304ca51cee0e0494f8ee50da0991f5
                                                                                                                                                                                                    • Instruction ID: 19c9785e31f9b30113d5ea8fc23ec7eaf1a2e9d8a834386a5e7023d71471478c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 78bdc02ec41206bf25ff312e6d18498b56304ca51cee0e0494f8ee50da0991f5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2DD11835E04B655BC7128F3C988166AF7A1BFE6348F44C72EECA177646D730D94582A0
                                                                                                                                                                                                    Function 00DBC1A0 Relevance: 2.7, Strings: 2, Instructions: 234COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • -+NaNinf00e00E0assertion failed: ndigits > 0, xrefs: 00DBC300
                                                                                                                                                                                                    • e0E0assertion failed: buf.len() >= ndigits || buf.len() >= maxlen, xrefs: 00DBC459
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: -+NaNinf00e00E0assertion failed: ndigits > 0$e0E0assertion failed: buf.len() >= ndigits || buf.len() >= maxlen
                                                                                                                                                                                                    • API String ID: 0-3864725730
                                                                                                                                                                                                    • Opcode ID: 81f93cf18b5536b475f48a4a9cb8117f83ec65440927edd20affdf036e9d9c8b
                                                                                                                                                                                                    • Instruction ID: 5d59347e5f8ef57d7e3e94099035ab964855e7e5a03d248e8b4a5dc316a8a4f0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 81f93cf18b5536b475f48a4a9cb8117f83ec65440927edd20affdf036e9d9c8b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B910671A18340DBD714CF14C8817ABB7E2FFC8304F54A92EF99A57290DBB5D9048B66
                                                                                                                                                                                                    Function 00DBB5E0 Relevance: 2.7, Strings: 2, Instructions: 233COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • assertion failed: buf.len() >= maxlen, xrefs: 00DBB943
                                                                                                                                                                                                    • -+NaNinf00e00E0assertion failed: ndigits > 0, xrefs: 00DBB731
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: -+NaNinf00e00E0assertion failed: ndigits > 0$assertion failed: buf.len() >= maxlen
                                                                                                                                                                                                    • API String ID: 0-2939795802
                                                                                                                                                                                                    • Opcode ID: e652007f72039b83e711517467cbba81c9099f4ac84824b2741ed22858bfcf32
                                                                                                                                                                                                    • Instruction ID: 877967d8125ee4c351288f24ab5c0e0496d1d32dc8824f375637750e11be4394
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e652007f72039b83e711517467cbba81c9099f4ac84824b2741ed22858bfcf32
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F691AEB1A08300DBD704CF15C8417ABB7E6EFC8314F148A2EF99A9B290DBB5D945CB56
                                                                                                                                                                                                    Function 00DC1610 Relevance: 2.1, APIs: 1, Instructions: 802COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memcmp.MSVCRT(00000001,?,00000000), ref: 00DC17BE
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memcmp
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1475443563-0
                                                                                                                                                                                                    • Opcode ID: 285aa0d6c74c960ac35d68614e0dee6143c84371a882b24701151b86a7d2fae8
                                                                                                                                                                                                    • Instruction ID: 2d9533b5447fd80da30c17e297a3f21ff4b377fd17f164e802d324d214f92fd3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 285aa0d6c74c960ac35d68614e0dee6143c84371a882b24701151b86a7d2fae8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3262C675E0022A8FDB15CF68C840BFEB7B6BF9A340F15825DE855B7242D7719D418BA0
                                                                                                                                                                                                    Function 00DB87E0 Relevance: 1.8, Strings: 1, Instructions: 519COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: 0
                                                                                                                                                                                                    • API String ID: 0-4108050209
                                                                                                                                                                                                    • Opcode ID: 24956c45270d8bae2036164a76ac29c9e19dee877c5abcfb51be31e0b2b1b43f
                                                                                                                                                                                                    • Instruction ID: b10e202bad4780f7417ad66343be9a57cd88e547bafe5ad0a64b626a808df164
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24956c45270d8bae2036164a76ac29c9e19dee877c5abcfb51be31e0b2b1b43f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4227E71D0422ACFCF14CF68C8906EDBBB6BF49314F19825AD8627B385DB359941DBA0
                                                                                                                                                                                                    Function 00D51540 Relevance: 1.5, Strings: 1, Instructions: 287COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: 8
                                                                                                                                                                                                    • API String ID: 0-4194326291
                                                                                                                                                                                                    • Opcode ID: 30dc2d6210e65d507386ea76b5b4443455e9e63ab62d1f8b099af04167086ef8
                                                                                                                                                                                                    • Instruction ID: 723db6e96317f21c46dad38a5375add265afe2154b30a9ce3c9f91e60a7aed4e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 30dc2d6210e65d507386ea76b5b4443455e9e63ab62d1f8b099af04167086ef8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23C14EB5D002198FDF14CF99C8807ADFBF2BF88315F24866AD855AB344D774994ACBA0
                                                                                                                                                                                                    Function 00D61750 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetSystemInfo.KERNEL32(?), ref: 00D61770
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoSystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 31276548-0
                                                                                                                                                                                                    • Opcode ID: 989f2c1414a9bf8259de64dce92bbec471387f720fbc2c0506de04ef2c1e1c1b
                                                                                                                                                                                                    • Instruction ID: 001930dd129abf04c38a13a91ad80ad0c831a529f9c27c11e754eaa70d0de227
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 989f2c1414a9bf8259de64dce92bbec471387f720fbc2c0506de04ef2c1e1c1b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 15F08274D08348CBCB10DFA9D9807EABBF8EF19310F189519E889A7300E330A9C4C7A5
                                                                                                                                                                                                    Function 00DCF580 Relevance: .4, Instructions: 372COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c577a29ef774787a1919f375276ae424bd2802d0fc49b20c554d7c1c64a02053
                                                                                                                                                                                                    • Instruction ID: 863ad3990a994713f8ef0e9350c5d3578c3c069c7b1a705056ebac8fc4f82bc1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c577a29ef774787a1919f375276ae424bd2802d0fc49b20c554d7c1c64a02053
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C2C16A33B003215BDB1C4B2D9CD0AAD73D7DBC4395B1F863AD95A7B291D5709D0A86E0
                                                                                                                                                                                                    Function 00D953B0 Relevance: .3, Instructions: 347COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: b9ce4338fd887141fb9612d4b48a9eaff70d8ba9a6276033decfccce72a02b81
                                                                                                                                                                                                    • Instruction ID: 529d9393a42905c8547d8fda66b0b5ebd996d8e5cd1fec8cbb5f977232f9a9cf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b9ce4338fd887141fb9612d4b48a9eaff70d8ba9a6276033decfccce72a02b81
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38B17B32B00A158BDF198E6DE8907BEB7E2EF85320F5D817DD8859B35DD6348C8587A0
                                                                                                                                                                                                    Function 00DC08D0 Relevance: .3, Instructions: 340COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: ff770072793ce04a42c52e2bb17460be005374ad3926009d11591fb2bff88ad1
                                                                                                                                                                                                    • Instruction ID: c0d48f817a5a5e0b63faf6ef9d91c526c6761ecf2685374913a245b827e1ad0a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ff770072793ce04a42c52e2bb17460be005374ad3926009d11591fb2bff88ad1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F4C15C76E29B824BD7138B3DD802665F790AFE7290F15D72EFCE473982EB3096814244
                                                                                                                                                                                                    Function 00D510E0 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c72fc035f39ff18bf0ebcc914572c194267d3bf521bf6442c4757bc8df46418d
                                                                                                                                                                                                    • Instruction ID: cfea4fd80400da2642d1de8fde82e394b0ea21f08e1510a048d0b987ed8ea8f8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c72fc035f39ff18bf0ebcc914572c194267d3bf521bf6442c4757bc8df46418d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96C13CB5A083418FD704CF29C48061AFBE1FFD9315F258A6DE8998B351D771D84ACB92
                                                                                                                                                                                                    Function 00D4E3F0 Relevance: .3, Instructions: 257COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 29c05a1d145bfee6839909fe7057fdf2cb79e8d31774a3f9a4b20896963833e5
                                                                                                                                                                                                    • Instruction ID: b73cee9efc286aca17d569fb5d8e1220b52177c18437eb65a18bc3770d24e699
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 29c05a1d145bfee6839909fe7057fdf2cb79e8d31774a3f9a4b20896963833e5
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 36B185B5D012159FCB04CF69C4806ADFBF2FF99314F29829AC459AB352D3759846CBA0
                                                                                                                                                                                                    Function 00DB2370 Relevance: .2, Instructions: 223COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: c91a48977f46359da621acba703dc88080e726c3dcdd94117558011faff4a52b
                                                                                                                                                                                                    • Instruction ID: da5675ef669807ff312ce717d7ba03b4507b4e95cb74f255e662f9683108b5bf
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c91a48977f46359da621acba703dc88080e726c3dcdd94117558011faff4a52b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56817F72E01215CBCB19CF68C8A17FEB7F2EF88315F194129D9566B385DB349D428BA0
                                                                                                                                                                                                    Function 00D24160 Relevance: .1, Instructions: 126COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 9ba0542e0dbc63720bdf364172a76aa6d5459309c8d63a1c4e712a61c7f6849b
                                                                                                                                                                                                    • Instruction ID: 35bf0073f1ecae2c3cc0e40d27baf795624bce21f49546d33ffeb488cb09ca8d
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ba0542e0dbc63720bdf364172a76aa6d5459309c8d63a1c4e712a61c7f6849b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06415368E15F955AE3039B3C68036B3F758AFF72C9B41E70BECE035417E72099929254
                                                                                                                                                                                                    Function 00D34018 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 34f8aad2d6413faeac46a3ed75cc5bf9ef96fbcaf51b8db1757c0a2f35813ca7
                                                                                                                                                                                                    • Instruction ID: bc718a518cc292e4099a53d96af5a7b645c0ce09f50bf620344d394c0916c7ff
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34f8aad2d6413faeac46a3ed75cc5bf9ef96fbcaf51b8db1757c0a2f35813ca7
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4601BCB18053549FC71ADF68C845896BFB5EF46210B06C2A7EC48AB322D334E900CBF2
                                                                                                                                                                                                    Function 00D34112 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 3ffd6cbd36bce322eade584a8a91c75ecc27ad9f0d7b14e3488de81505caf5f0
                                                                                                                                                                                                    • Instruction ID: 1dfa019d15c400734de7ec75fd774abe40d2a041604ce36bc8bc2c12d471eed3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ffd6cbd36bce322eade584a8a91c75ecc27ad9f0d7b14e3488de81505caf5f0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B4018F718053549FC71ADF28C855896BFB1EF46210B06C296EC48AB362C734ED00CBF1
                                                                                                                                                                                                    Function 00D2E4D0 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 10cef05763defb033a44319dae4ad22752cacac71541a26caaf554056c166449
                                                                                                                                                                                                    • Instruction ID: ca5f96fc38c15c90fc8bfe73d86c1b070346586a6a821a208665f092205271a1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 10cef05763defb033a44319dae4ad22752cacac71541a26caaf554056c166449
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CED05E716097104BC3244F4FE400502FBECDBC4320700C43FA08EC3700C5B0A4004B94
                                                                                                                                                                                                    Function 00DD0520 Relevance: 64.9, APIs: 34, Strings: 3, Instructions: 197COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • kernel32.dll, xrefs: 00DDBAD5
                                                                                                                                                                                                    • RemoveVectoredExceptionHandler, xrefs: 00DDBB05
                                                                                                                                                                                                    • AddVectoredExceptionHandler, xrefs: 00DDBAF1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$kernel32.dll
                                                                                                                                                                                                    • API String ID: 0-3889795909
                                                                                                                                                                                                    • Opcode ID: 852eb35aa26673c644f8a14d359afa95df09f13258309b91b0a67d3244ed4451
                                                                                                                                                                                                    • Instruction ID: 403d70d655ad713e6dd3c4ee9f0606c0557dab561956037b7de9901db0f5f1fa
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 852eb35aa26673c644f8a14d359afa95df09f13258309b91b0a67d3244ed4451
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3051BDB19053459FEB20DF29E48472ABFE0BFC5324F08859ED8859B352C734E845CBA2
                                                                                                                                                                                                    Function 00DD06B0 Relevance: 63.2, APIs: 33, Strings: 3, Instructions: 170libraryloaderCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA09
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA0E
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA13
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA18
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA1D
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA22
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA27
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA2C
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA31
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA36
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA3B
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA40
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA45
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA4A
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA4F
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA54
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA59
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA60
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA65
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA6A
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA6F
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA74
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA79
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA7E
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA83
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA88
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA8D
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA94
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA99
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA9E
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00DD3854), ref: 00DDBADC
                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00DDBAFC
                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00DDBB10
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • kernel32.dll, xrefs: 00DDBAD5
                                                                                                                                                                                                    • RemoveVectoredExceptionHandler, xrefs: 00DDBB05
                                                                                                                                                                                                    • AddVectoredExceptionHandler, xrefs: 00DDBAF1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: abort$AddressProc$HandleModule
                                                                                                                                                                                                    • String ID: AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$kernel32.dll
                                                                                                                                                                                                    • API String ID: 1748640044-3889795909
                                                                                                                                                                                                    • Opcode ID: b8460e1c236c0f98eeed6b3cd48458ce3fc5438c0205c2dd0b4689b7b8b8aa8f
                                                                                                                                                                                                    • Instruction ID: fd11f5b5df7e7fabe93c5ef7aa91e1122aed5fd157933b2588679dbcfc634741
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b8460e1c236c0f98eeed6b3cd48458ce3fc5438c0205c2dd0b4689b7b8b8aa8f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D241DF71605704AFD710DF58E8817AABBF5EB84360F08892BE5898B352D334E849DB72
                                                                                                                                                                                                    Function 00D7B0B0 Relevance: 60.0, APIs: 24, Strings: 10, Instructions: 484libraryloaderstringCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000,00000000,00000000,?), ref: 00D7B0CC
                                                                                                                                                                                                    • LoadLibraryA.KERNEL32(dbghelp.dll,00000000,000000FF,00000000,00000000,00000000,?), ref: 00D7B0DF
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(?,SymGetOptions), ref: 00D7B113
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(SymSetOptions), ref: 00D7B141
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(SymInitializeW), ref: 00D7B170
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(SymInitializeW), ref: 00D7B184
                                                                                                                                                                                                    • memset.MSVCRT ref: 00D7B1D2
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(SymGetSearchPathW), ref: 00D7B202
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(SymGetSearchPathW), ref: 00D7B216
                                                                                                                                                                                                    • lstrlenW.KERNEL32(00000002), ref: 00D7B22A
                                                                                                                                                                                                    • memcpy.MSVCRT(?,Local\RustBacktraceMutex00000000,00000021), ref: 00D7B24F
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00D7B257
                                                                                                                                                                                                    • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 00D7B2DC
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,00000000,?), ref: 00D7B2FA
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(EnumerateLoadedModulesW64), ref: 00D7B3B0
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(EnumerateLoadedModulesW64), ref: 00D7B3C4
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(SymSetSearchPathW), ref: 00D7B420
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(SymSetSearchPathW), ref: 00D7B430
                                                                                                                                                                                                    • ReleaseMutex.KERNEL32(?,000000FF,00000021,00E4BF9C), ref: 00D7B4D1
                                                                                                                                                                                                    • lstrlenW.KERNEL32(?,?,?,?,?,?,?,?,00E4BF9C), ref: 00D7B4EC
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressProc$CurrentProcess$Mutexlstrlen$CloseCreateHandleLibraryLoadObjectReleaseSingleWaitmemcpymemset
                                                                                                                                                                                                    • String ID: EnumerateLoadedModulesW64$Local\RustBacktraceMutex00000000$SymGetOptions$SymGetSearchPathW$SymInitializeW$SymSetOptions$SymSetSearchPathW$assertion failed: len >= 0$called `Result::unwrap()` on an `Err` value$dbghelp.dll
                                                                                                                                                                                                    • API String ID: 2256804348-37522383
                                                                                                                                                                                                    • Opcode ID: 4c0f76546be8c42dcc37bd0dbe3eceb429059f0613a427a69362422ca5e20432
                                                                                                                                                                                                    • Instruction ID: e271a202f40f513744d227d540829311894c88112d38b5d77e3268694aebd820
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c0f76546be8c42dcc37bd0dbe3eceb429059f0613a427a69362422ca5e20432
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EC02A371E012199FCB10DFA5DC86BAEBBB5EF54724F184126E508BB292FB709944C7B0
                                                                                                                                                                                                    Function 00DD1230 Relevance: 54.4, APIs: 28, Strings: 3, Instructions: 185libraryloaderCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA22
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA27
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA2C
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA31
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA36
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA3B
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA40
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA45
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA4A
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA4F
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA54
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA59
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA60
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA65
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA6A
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA6F
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA74
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA79
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA7E
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA83
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA88
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA8D
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA94
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA99
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA9E
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00DD3854), ref: 00DDBADC
                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00DDBAFC
                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00DDBB10
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • kernel32.dll, xrefs: 00DDBAD5
                                                                                                                                                                                                    • RemoveVectoredExceptionHandler, xrefs: 00DDBB05
                                                                                                                                                                                                    • AddVectoredExceptionHandler, xrefs: 00DDBAF1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: abort$AddressProc$HandleModule
                                                                                                                                                                                                    • String ID: AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$kernel32.dll
                                                                                                                                                                                                    • API String ID: 1748640044-3889795909
                                                                                                                                                                                                    • Opcode ID: 25f19879309d35fd598fc2894c2a07e3858b638d95b8913d636bc0868beb2545
                                                                                                                                                                                                    • Instruction ID: 8a778333f88d5761557d0d6077c639fbd6e3b300416c03303987ae3303eb8189
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25f19879309d35fd598fc2894c2a07e3858b638d95b8913d636bc0868beb2545
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6151F172A04608AFCB10DF6CD8827A9BBF1FB84354F084126E895DB351E735E845CBA5
                                                                                                                                                                                                    Function 00DD2760 Relevance: 49.1, APIs: 25, Strings: 3, Instructions: 132libraryloaderCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00DD2110: strlen.MSVCRT ref: 00DD219D
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA31
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA36
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA3B
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA40
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA45
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA4A
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA4F
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA54
                                                                                                                                                                                                    • abort.MSVCRT(?,?,?,?,00000001,?,00DD1A63), ref: 00DDBA59
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA60
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA65
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA6A
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA6F
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA74
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA79
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA7E
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA83
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA88
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA8D
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA94
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA99
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA9E
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00DD3854), ref: 00DDBADC
                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00DDBAFC
                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00DDBB10
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • kernel32.dll, xrefs: 00DDBAD5
                                                                                                                                                                                                    • RemoveVectoredExceptionHandler, xrefs: 00DDBB05
                                                                                                                                                                                                    • AddVectoredExceptionHandler, xrefs: 00DDBAF1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: abort$AddressProc$HandleModulestrlen
                                                                                                                                                                                                    • String ID: AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$kernel32.dll
                                                                                                                                                                                                    • API String ID: 1472221321-3889795909
                                                                                                                                                                                                    • Opcode ID: e7b6b59db0ad8a32eb7679daba2413320f971fe52ad772528b0d4c887c11d14f
                                                                                                                                                                                                    • Instruction ID: 7722f43bac4630ec5afd66d7f4adfe29a7a4b82f4d0df2a1d9ff145a16ae49da
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e7b6b59db0ad8a32eb7679daba2413320f971fe52ad772528b0d4c887c11d14f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 38418FB0509380DEE750DF3AE8497167FE4AB91318F48459ED688A7362D7B5880CCB37
                                                                                                                                                                                                    Function 00DD3060 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 113COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • kernel32.dll, xrefs: 00DDBAD5
                                                                                                                                                                                                    • RemoveVectoredExceptionHandler, xrefs: 00DDBB05
                                                                                                                                                                                                    • AddVectoredExceptionHandler, xrefs: 00DDBAF1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$kernel32.dll
                                                                                                                                                                                                    • API String ID: 0-3889795909
                                                                                                                                                                                                    • Opcode ID: 4265661fbc61fb7f56315e5a0fd20f762dcd82d875deb3ac9d4d67ab08276e25
                                                                                                                                                                                                    • Instruction ID: c7547ede22414ab8b8b4b73a68897125be616e28bdb0c4f5b2348562f2fc9fda
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4265661fbc61fb7f56315e5a0fd20f762dcd82d875deb3ac9d4d67ab08276e25
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BF3152709012099FCB50EF68D981AEEBBF4FF85314F04846AE849A7311DB30AD45CBB2
                                                                                                                                                                                                    Function 00DD3130 Relevance: 36.9, APIs: 17, Strings: 4, Instructions: 112COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: strlen
                                                                                                                                                                                                    • String ID: @$AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$kernel32.dll
                                                                                                                                                                                                    • API String ID: 39653677-2564961135
                                                                                                                                                                                                    • Opcode ID: 91c5c53bfa23214ded35f656900b1a06defe8ed5f96c4aa7d76746bd5b02d271
                                                                                                                                                                                                    • Instruction ID: 2bd683dc7920931ead089b584d85cdbeb7c22c4192e6b83424de2f642bebc96a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 91c5c53bfa23214ded35f656900b1a06defe8ed5f96c4aa7d76746bd5b02d271
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE31DEB1A053099FDB10EF6CED857AA7BF4EB85340F08446BE84997301D7349A48CBB2
                                                                                                                                                                                                    Function 00D77630 Relevance: 33.7, APIs: 13, Strings: 6, Instructions: 429libraryloaderthreadCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00D62C10: SetLastError.KERNEL32(00000000), ref: 00D62C85
                                                                                                                                                                                                      • Part of subcall function 00D62C10: GetCurrentDirectoryW.KERNEL32(00000000,00000002,00000000), ref: 00D62C8C
                                                                                                                                                                                                      • Part of subcall function 00D62C10: GetLastError.KERNEL32(00000000,?,00000000,00000000,00000002,00000000), ref: 00D62C97
                                                                                                                                                                                                      • Part of subcall function 00D62C10: GetLastError.KERNEL32(00000000,?,00000000,00000000,00000002,00000000), ref: 00D62CA8
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00D77758
                                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 00D77761
                                                                                                                                                                                                    • memset.MSVCRT ref: 00D77779
                                                                                                                                                                                                    • RtlCaptureContext.KERNEL32(?), ref: 00D77782
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(SymFunctionTableAccess64,?), ref: 00D777C8
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(SymGetModuleBase64,SymFunctionTableAccess64), ref: 00D777F7
                                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(SymFunctionTableAccess64,?), ref: 00D7780B
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(StackWalkEx,SymFunctionTableAccess64), ref: 00D77828
                                                                                                                                                                                                    • memset.MSVCRT ref: 00D77851
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • SymFunctionTableAccess64, xrefs: 00D777BD
                                                                                                                                                                                                    • stack backtrace:, xrefs: 00D77702
                                                                                                                                                                                                    • note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.__rust_end_short_backtrace__rust_begin_short_backtraces [... omitted frame ...], xrefs: 00D77A7B
                                                                                                                                                                                                    • StackWalk64, xrefs: 00D77B95
                                                                                                                                                                                                    • SymGetModuleBase64, xrefs: 00D777EC
                                                                                                                                                                                                    • StackWalkEx, xrefs: 00D7781D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Current$AddressErrorLastProc$Processmemset$CaptureContextDirectoryThread
                                                                                                                                                                                                    • String ID: StackWalk64$StackWalkEx$SymFunctionTableAccess64$SymGetModuleBase64$note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.__rust_end_short_backtrace__rust_begin_short_backtraces [... omitted frame ...]$stack backtrace:
                                                                                                                                                                                                    • API String ID: 1663827168-1816762948
                                                                                                                                                                                                    • Opcode ID: e109b92ee1c1c2f1cdee24b7fec0664fe62d6e25b9e150c87b3a08fbbfacf71c
                                                                                                                                                                                                    • Instruction ID: 3327429344dfbc529c1981e9ac29b0da5e0bc1b9ae04d113439ab597643310b4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e109b92ee1c1c2f1cdee24b7fec0664fe62d6e25b9e150c87b3a08fbbfacf71c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FA1226B190D380AFE761DF24C845B9BBBE4AF85714F04891EF5C897291E771D908CBA2
                                                                                                                                                                                                    Function 00D7D320 Relevance: 33.6, APIs: 18, Strings: 1, Instructions: 364fileCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,00110080,00000007,00000000,00000003,02200080,00000000), ref: 00D7D41F
                                                                                                                                                                                                    • GetFileInformationByHandleEx.KERNEL32(00000000,00000009,?,00000008,?,00110080,00000007,00000000,00000003,02200080,00000000), ref: 00D7D435
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00110080,00000007,00000000,00000003,02200080,00000000), ref: 00D7D462
                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,00110000,00000007,00000000,00000003,02000080,00000000,?,00110080,00000007,00000000,00000003,02200080,00000000), ref: 00D7D49F
                                                                                                                                                                                                    • memcpy.MSVCRT(-0000000C,?,?,?,?,02200080,00000000), ref: 00D7D506
                                                                                                                                                                                                    • SetFileInformationByHandle.KERNEL32(?,00000016,00000000,?,?,?,?,?,?,02200080,00000000), ref: 00D7D517
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,02200080,00000000), ref: 00D7D538
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,02200080,00000000), ref: 00D7D66E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • called `Result::unwrap()` on an `Err` value, xrefs: 00D7D643
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileHandle$CloseCreateInformation$ErrorLastmemcpy
                                                                                                                                                                                                    • String ID: called `Result::unwrap()` on an `Err` value
                                                                                                                                                                                                    • API String ID: 2465000479-2333694755
                                                                                                                                                                                                    • Opcode ID: bb14b3c740f340f2a973bb57b5f66806be384e62d191720e6c7192d1fba24aac
                                                                                                                                                                                                    • Instruction ID: a380557aed2b1dea4aacb489936493892c1b43e45ddc49b76de6dd1ddd3da1b1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: bb14b3c740f340f2a973bb57b5f66806be384e62d191720e6c7192d1fba24aac
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F2D16EB1E00209ABDF14DFA4DC82BAEBBB5EF55304F148429F549B7382E671A9408B75
                                                                                                                                                                                                    Function 00DD3320 Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 134libraryloaderCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA60
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA65
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA6A
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA6F
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA74
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA79
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA7E
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA83
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA88
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA8D
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA94
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA99
                                                                                                                                                                                                    • abort.MSVCRT(?,?,00000008,?,00000000,?,00DD3854), ref: 00DDBA9E
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00DD3854), ref: 00DDBADC
                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00DDBAFC
                                                                                                                                                                                                    • GetProcAddress.KERNEL32 ref: 00DDBB10
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • kernel32.dll, xrefs: 00DDBAD5
                                                                                                                                                                                                    • RemoveVectoredExceptionHandler, xrefs: 00DDBB05
                                                                                                                                                                                                    • AddVectoredExceptionHandler, xrefs: 00DDBAF1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: abort$AddressProc$HandleModule
                                                                                                                                                                                                    • String ID: AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$kernel32.dll
                                                                                                                                                                                                    • API String ID: 1748640044-3889795909
                                                                                                                                                                                                    • Opcode ID: 812041b9d488215d3cba0b70f81081af32eea65d1eb91ce61633dea57ff7d91d
                                                                                                                                                                                                    • Instruction ID: 337034646d7752b4c0892aa9ee0f357a6930e1ec186452e15bb49fd5147cce4e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 812041b9d488215d3cba0b70f81081af32eea65d1eb91ce61633dea57ff7d91d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2331D3726052148FD704DF6CE8826AA77F5FBC1318F18816FE4898B315D736E806CB62
                                                                                                                                                                                                    Function 00D63670 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 363COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00D6370E
                                                                                                                                                                                                    • GetUserProfileDirectoryW.USERENV(000000FC,?,?,00000000), ref: 00D6371F
                                                                                                                                                                                                    • GetLastError.KERNEL32(000000FC,?,?,00000000), ref: 00D63760
                                                                                                                                                                                                    • GetLastError.KERNEL32(000000FC,?,?,00000000), ref: 00D63777
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • called `Result::unwrap()` on an `Err` value, xrefs: 00D63B1E
                                                                                                                                                                                                    • USERPROFILE\\.\pipe\__rust_anonymous_pipe1__., xrefs: 00D63685
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$DirectoryProfileUser
                                                                                                                                                                                                    • String ID: USERPROFILE\\.\pipe\__rust_anonymous_pipe1__.$called `Result::unwrap()` on an `Err` value
                                                                                                                                                                                                    • API String ID: 2013343546-4144570884
                                                                                                                                                                                                    • Opcode ID: 7f6b9576b3ac1e4d067efefda139af312106c53a0d7245bd34a9662afb8996ee
                                                                                                                                                                                                    • Instruction ID: 5bc7b247b0b88690815c70b37c9b5fd513f837dda415a09a5fc894ddcafb3159
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f6b9576b3ac1e4d067efefda139af312106c53a0d7245bd34a9662afb8996ee
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F7C1A3B1A04305ABDB109F54DC86BAEBBE8EF94314F184529F994A7342E774DE048BB1
                                                                                                                                                                                                    Function 00D8A3B0 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 273COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00D8A425
                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,00000000,00000002,00000000,00000000), ref: 00D8A431
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,00000000,00000000,?,00000000,00000002,00000000,00000000), ref: 00D8A43C
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,00000000,00000000,?,00000000,00000002,00000000,00000000), ref: 00D8A44D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$FullNamePath
                                                                                                                                                                                                    • String ID: SetThreadDescription$kernel32
                                                                                                                                                                                                    • API String ID: 2482867836-1950310818
                                                                                                                                                                                                    • Opcode ID: 11158bc7509b8ad53a0ef936d7c22627d915d52158a929faac09cea43d14d010
                                                                                                                                                                                                    • Instruction ID: 07a138d91862884bbcd2b84c36c4ae5f8da854c91e17e5d5731bf3aa91be7fce
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 11158bc7509b8ad53a0ef936d7c22627d915d52158a929faac09cea43d14d010
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A917471E002059BEB10ABA8DC46FBEBBB8EF55314F18402AE905B7352E7759D00CB76
                                                                                                                                                                                                    Function 00DD63F0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 134COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00DD53F0: calloc.MSVCRT ref: 00DD547E
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00DD4AF3), ref: 00DD646F
                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 00DD6495
                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 00DD64BF
                                                                                                                                                                                                    • fprintf.MSVCRT ref: 00DD6500
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Value$callocfprintf
                                                                                                                                                                                                    • String ID: once %p is %ld$AddVectoredExceptionHandler$RemoveVectoredExceptionHandler$kernel32.dll
                                                                                                                                                                                                    • API String ID: 811747394-2209695033
                                                                                                                                                                                                    • Opcode ID: 230f46a5e55f17b240136cbebf1706706e6aa2cf1d5f0bf957d4817b3595d22f
                                                                                                                                                                                                    • Instruction ID: bf397d50f25e82c619a792d790198cc3279d075a56205176566378e7b6e54ff9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 230f46a5e55f17b240136cbebf1706706e6aa2cf1d5f0bf957d4817b3595d22f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A84178B55087108FD710BF35E98562ABBE4EF84750F09892FE88987315E774D889CBB2
                                                                                                                                                                                                    Function 00DD57F0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 135threadCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: free$CurrentDebugOutputStringThreadabort
                                                                                                                                                                                                    • String ID: 5$Error cleaning up spin_keys for thread %lu.
                                                                                                                                                                                                    • API String ID: 2974864059-2130375756
                                                                                                                                                                                                    • Opcode ID: d05ab09a2acff1e8668f5eec81dd6c0f948678ba34ed20bd0eaa791fec2c442f
                                                                                                                                                                                                    • Instruction ID: ee2ac98359105f41a51f9240d21cb5e828b7c185105356398132c840dd1b2743
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d05ab09a2acff1e8668f5eec81dd6c0f948678ba34ed20bd0eaa791fec2c442f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D25164B0608701CFD700EF29E89871ABBE5FF84344F44482EE8889B349D775D549CBA2
                                                                                                                                                                                                    Function 00DD9470 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 94COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • calloc.MSVCRT ref: 00DD94A2
                                                                                                                                                                                                    • CreateSemaphoreA.KERNEL32 ref: 00DD94F8
                                                                                                                                                                                                    • CreateSemaphoreA.KERNEL32 ref: 00DD951F
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32 ref: 00DD953E
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32 ref: 00DD9549
                                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32 ref: 00DD9554
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalInitializeSection$CreateSemaphore$calloc
                                                                                                                                                                                                    • String ID: l
                                                                                                                                                                                                    • API String ID: 2075313795-2517025534
                                                                                                                                                                                                    • Opcode ID: 6a70c41120865471ccd491f8e876ddf81a67be9ebd591335de10c4a6e0aca701
                                                                                                                                                                                                    • Instruction ID: 2fd8c728bebbdf2ed010ee009fda671756175a527be35b95946b2426085901c0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6a70c41120865471ccd491f8e876ddf81a67be9ebd591335de10c4a6e0aca701
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 14312DB55043008FEB10BF39E55835ABBE4EF40314F158AAED8948B395E775D844CF92
                                                                                                                                                                                                    Function 00D804F0 Relevance: 16.7, APIs: 11, Instructions: 183networkCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • ioctlsocket.WS2_32(?,8004667E,00000001), ref: 00D8051B
                                                                                                                                                                                                    • WSAGetLastError.WS2_32 ref: 00D8054A
                                                                                                                                                                                                    • connect.WS2_32(?,00000001,00000010), ref: 00D805A5
                                                                                                                                                                                                    • ioctlsocket.WS2_32(?,8004667E,00000001), ref: 00D805C4
                                                                                                                                                                                                    • WSAGetLastError.WS2_32 ref: 00D805D0
                                                                                                                                                                                                    • ioctlsocket.WS2_32(?,8004667E,00000001), ref: 00D805F2
                                                                                                                                                                                                    • WSAGetLastError.WS2_32(?,8004667E,00000001), ref: 00D8063B
                                                                                                                                                                                                    • memset.MSVCRT ref: 00D8069F
                                                                                                                                                                                                    • memset.MSVCRT ref: 00D806C5
                                                                                                                                                                                                    • select.WS2_32(00000001,00000000,00000001,00000001,?), ref: 00D806ED
                                                                                                                                                                                                    • WSAGetLastError.WS2_32 ref: 00D806FE
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$ioctlsocket$memset$connectselect
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1299707133-0
                                                                                                                                                                                                    • Opcode ID: d515175a3c605d06c4b3b991ec0aff856297aaeff4dcff79e5b36f2bef1ca46d
                                                                                                                                                                                                    • Instruction ID: f17e63e238956985636bd86a12e1787ef79ad30f855aabeba0a8e93f1325f06a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d515175a3c605d06c4b3b991ec0aff856297aaeff4dcff79e5b36f2bef1ca46d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6071C3B090060ADFDB10EF64C841BEDBBB5EF85324F244155E818AB391E734AA59CBB1
                                                                                                                                                                                                    Function 00D70330 Relevance: 16.6, APIs: 11, Instructions: 81networkCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCRT ref: 00D70350
                                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00D7035A
                                                                                                                                                                                                    • WSADuplicateSocketW.WS2_32(0F08C483,00000000,?), ref: 00D70362
                                                                                                                                                                                                    • WSASocketW.WS2_32(?,?,?,?,00000000,00000081), ref: 00D70386
                                                                                                                                                                                                    • WSAGetLastError.WS2_32 ref: 00D70398
                                                                                                                                                                                                    • WSAGetLastError.WS2_32(?,?,?,?,00000000,00000081), ref: 00D703BA
                                                                                                                                                                                                    • WSASocketW.WS2_32(?,?,?,?,00000000,00000001), ref: 00D703E4
                                                                                                                                                                                                    • SetHandleInformation.KERNEL32(00000000,00000001,00000000,?,?,?,?,00000000,00000001,?,?,?,?,00000000,00000081), ref: 00D703F5
                                                                                                                                                                                                    • WSAGetLastError.WS2_32(?,?,?,?,00000000,00000001,?,?,?,?,00000000,00000081), ref: 00D70407
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000001,00000000,?,?,?,?,00000000,00000001,?,?,?,?,00000000,00000081), ref: 00D70417
                                                                                                                                                                                                    • closesocket.WS2_32(00000000), ref: 00D70426
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$Socket$CurrentDuplicateHandleInformationProcessclosesocketmemset
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2222771188-0
                                                                                                                                                                                                    • Opcode ID: 385d7b35f455f21a572e9bde6b22e34dce3e72efc4e3b4c79ed6e4c15a8551a0
                                                                                                                                                                                                    • Instruction ID: 055c7c03b618700cb1dfe8873697e336895bbd04633e39f954fc0dcf7d3c59f7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 385d7b35f455f21a572e9bde6b22e34dce3e72efc4e3b4c79ed6e4c15a8551a0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F321D170400341EADB306B68CC45F6A7EA5DF41714F24856EF29C9A2D1E67598858731
                                                                                                                                                                                                    Function 00D8D7D0 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 205memoryCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • InitOnceBeginInitialize.KERNEL32(?,00000000,00000000,00000000,?,00000001,00005000), ref: 00D8D7F5
                                                                                                                                                                                                    • TlsAlloc.KERNEL32(?,00000000,00000000,00000000,?,00000001,00005000), ref: 00D8D80C
                                                                                                                                                                                                    • InitOnceComplete.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,?,00000001,00005000), ref: 00D8D847
                                                                                                                                                                                                    • TlsAlloc.KERNEL32(?,00000001,00005000,?,00D60486,00E80178,?,?,00D5FE9D), ref: 00D8D84E
                                                                                                                                                                                                    • TlsFree.KERNEL32(00E80178,?,00000001,00005000,?,00D60486,00E80178,?,?,00D5FE9D), ref: 00D8D878
                                                                                                                                                                                                    • InitOnceComplete.KERNEL32(?,00000004,00000000,00000000,00000000,00E4CA64,00000000,00E4D4B0,?,00000000), ref: 00D8D8AD
                                                                                                                                                                                                    • freeaddrinfo.WS2_32(0000003A,?,assertion failed: len >= mem::size_of::<c::sockaddr_in6>(),0000003A,00E4D5B8), ref: 00D8DA68
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00D8DA4F
                                                                                                                                                                                                    • assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs, xrefs: 00D8DA3E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InitOnce$AllocComplete$BeginFreeInitializefreeaddrinfo
                                                                                                                                                                                                    • String ID: assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs
                                                                                                                                                                                                    • API String ID: 253073994-513854611
                                                                                                                                                                                                    • Opcode ID: d2d970d8de487ae65ddc2a80f193562bbb95588b4b15677521b708cfe46aa2b0
                                                                                                                                                                                                    • Instruction ID: c1db3eb434c35f7737117aada9d94f8b141cc58bed8a59db43fb4c530fcc48dd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d2d970d8de487ae65ddc2a80f193562bbb95588b4b15677521b708cfe46aa2b0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 13818CB09003199FDB14EF99D841BAEBBB5FF48324F24815AE9547B391C7B4A841CBB4
                                                                                                                                                                                                    Function 00D75750 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 203synchronizationCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D7576B
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D7584E
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00D75862
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,00000000,000000FF), ref: 00D7586B
                                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(00000000,00000000), ref: 00D758BF
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,000000FF), ref: 00D7590A
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000001,00000000,00000000,00000000,00000000,000000FF), ref: 00D75910
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D759C0
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseHandle$CodeErrorExitLastObjectProcessSingleWait
                                                                                                                                                                                                    • String ID: called `Result::unwrap()` on an `Err` value
                                                                                                                                                                                                    • API String ID: 17306042-2333694755
                                                                                                                                                                                                    • Opcode ID: 6b47b84c9bced21addf28526a095d4ac9b307c20c625ac80cccaaeb0402fd9e0
                                                                                                                                                                                                    • Instruction ID: a864647548555a6334631334c101d9738a7d7db0dae97b82eddee80dff01b6ba
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6b47b84c9bced21addf28526a095d4ac9b307c20c625ac80cccaaeb0402fd9e0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D71A271D00B09ABDF10DFA4EC41BEEB7B8EF45304F148519E9197A281E7B1A945CBB2
                                                                                                                                                                                                    Function 00D4B550 Relevance: 15.5, APIs: 8, Strings: 2, Instructions: 462COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • assertion failed: new_left_len <= CAPACITY, xrefs: 00D4BBF1
                                                                                                                                                                                                    • assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}, xrefs: 00D4BC09, 00D4BC53
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memmove
                                                                                                                                                                                                    • String ID: assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}$assertion failed: new_left_len <= CAPACITY
                                                                                                                                                                                                    • API String ID: 2162964266-2079967719
                                                                                                                                                                                                    • Opcode ID: fe9ce651eaddbe03d67b333dff9c7cc41449ea37988dd37277a28d2aaf366d70
                                                                                                                                                                                                    • Instruction ID: 999da2fa866c66145ec6a18a99e4691109afa0d7f319365f2e2c0b4c84649639
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fe9ce651eaddbe03d67b333dff9c7cc41449ea37988dd37277a28d2aaf366d70
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 16223B75D00619CBDB14CF99C880AEEF7B5FF98314F14866ED8096B216E730AA46CF61
                                                                                                                                                                                                    Function 00D8D530 Relevance: 15.2, APIs: 12, Instructions: 232COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 00D8D57D
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(?,00000000), ref: 00D8D58E
                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 00D8D5CD
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(?,00000000), ref: 00D8D5DE
                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 00D8D61D
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(?,00000000), ref: 00D8D62E
                                                                                                                                                                                                    • TlsGetValue.KERNEL32 ref: 00D8D66D
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(?,00000000), ref: 00D8D67E
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?), ref: 00D8D6BA
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(?,00000000,?), ref: 00D8D6C8
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(00000000), ref: 00D8D6E0
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(00000000,00000002,00000000), ref: 00D8D6F9
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                    • Opcode ID: ca488060ad713f17cfb8bb5f8bfd87a1ad0f50734b36c0b1c1edffcfc145f7b0
                                                                                                                                                                                                    • Instruction ID: d9c285f08f0cc74410c9a33c7be2e7d66062ce76a0d3047ca9b1d3dee21a0be2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ca488060ad713f17cfb8bb5f8bfd87a1ad0f50734b36c0b1c1edffcfc145f7b0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A71A3B1A006089BDB20BF65DC82BAFB3A9EF45714F1D4429D959B72C1EB31EC0487B1
                                                                                                                                                                                                    Function 00D6F2B0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 150networkCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • accept.WS2_32(?,?,00000080), ref: 00D6F30E
                                                                                                                                                                                                    • WSAGetLastError.WS2_32 ref: 00D6F35E
                                                                                                                                                                                                    • closesocket.WS2_32(00000000), ref: 00D6F3F3
                                                                                                                                                                                                    • closesocket.WS2_32(00000000), ref: 00D6F44A
                                                                                                                                                                                                    • setsockopt.WS2_32(?,00000000,00000004,00000000,00000004), ref: 00D6F47E
                                                                                                                                                                                                    • WSAGetLastError.WS2_32(?,00000000,00000004,00000000,00000004,00000000,00000000,?,00000000,00000000), ref: 00D6F48A
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00D6F435
                                                                                                                                                                                                    • assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs, xrefs: 00D6F424, 00D6F43C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLastclosesocket$acceptsetsockopt
                                                                                                                                                                                                    • String ID: assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs
                                                                                                                                                                                                    • API String ID: 1216698370-513854611
                                                                                                                                                                                                    • Opcode ID: 3dff5e8ccd70833f94e09111b7dcca5d0b8cef51d99c2f23ba7eb1fcce47c370
                                                                                                                                                                                                    • Instruction ID: ae497d02987d797d87a04512f9b939b7d4d743650508a1e3fe6a35da2713f10b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3dff5e8ccd70833f94e09111b7dcca5d0b8cef51d99c2f23ba7eb1fcce47c370
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7D518E705087409BD728CF18E481AABB7F5EFC9314F10892EF9D987350D735A945CBA6
                                                                                                                                                                                                    Function 00D7C2F0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 130fileCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCRT ref: 00D7C366
                                                                                                                                                                                                    • FindNextFileW.KERNEL32(0544C5E8,?), ref: 00D7C370
                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,00000250,0544C5E8,?), ref: 00D7C3D7
                                                                                                                                                                                                    • memcpy.MSVCRT(?,00D66288,0000021E), ref: 00D7C470
                                                                                                                                                                                                    • FindClose.KERNEL32(0544C5E8,?,0544C5E8,?), ref: 00D7C4B8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Findmemcpy$CloseFileNextmemset
                                                                                                                                                                                                    • String ID: .
                                                                                                                                                                                                    • API String ID: 924662966-248832578
                                                                                                                                                                                                    • Opcode ID: 29ac1023d57b7cbd743a62390d38b3630b2b1577139acb3c0ce0037c9c84b8e2
                                                                                                                                                                                                    • Instruction ID: 90f5a5addb4666d634e3a151ba1dac48b839e274baff50503613f81c60beacfd
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 29ac1023d57b7cbd743a62390d38b3630b2b1577139acb3c0ce0037c9c84b8e2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E051CC759106199FCB21DF14C8847AAB7B4FF89314F48D29AE84C6F282E734E981C7B5
                                                                                                                                                                                                    Function 00D7C5C0 Relevance: 13.7, APIs: 9, Instructions: 215fileCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateFileW.KERNEL32(?,00000000,?,?,?,?,00000000), ref: 00D7C717
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,?,?,00000000), ref: 00D7C738
                                                                                                                                                                                                    • SetFileInformationByHandle.KERNEL32(00000000,00000005,00000000,00000008,?,00000000), ref: 00D7C760
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000005,00000000,00000008,?,00000000), ref: 00D7C769
                                                                                                                                                                                                    • SetFileInformationByHandle.KERNEL32(00000000,00000006,00000000,00000008,00000000,00000005), ref: 00D7C794
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,?,?,00000000), ref: 00D7C7C7
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000006,00000000,00000008,00000000,00000005), ref: 00D7C7F4
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000000,00000006,00000000,00000008,00000000,00000005), ref: 00D7C803
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000), ref: 00D7C850
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorHandleLast$File$CloseInformation$Create
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 4230017884-0
                                                                                                                                                                                                    • Opcode ID: 4ad237f512d01191d6db7a41f464435c6110ea584c0e82c141afed7652981534
                                                                                                                                                                                                    • Instruction ID: 3e69ce74585427b372aad0b30f5f4d92be406de237b19bf7cbc37e1bc4132eb5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ad237f512d01191d6db7a41f464435c6110ea584c0e82c141afed7652981534
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5981C1B05183409FEB24CF14C881B6A7BE0AF95308F18A95EE9DD5B292E770D804CB72
                                                                                                                                                                                                    Function 00D8E230 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 164networkCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00D8E361
                                                                                                                                                                                                    • socketOwnedSocketlibrary\std\src\os\windows\process.rs, xrefs: 00D8E44D
                                                                                                                                                                                                    • TcpListenerUdpSocketlibrary\std\src\..\..\backtrace\src\symbolize\gimli\lru.rs, xrefs: 00D8E391
                                                                                                                                                                                                    • assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs, xrefs: 00D8E372
                                                                                                                                                                                                    • addrlinenolibrary\std\src\..\..\backtrace\src\symbolize\mod.rs, xrefs: 00D8E431
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLastgetsockname
                                                                                                                                                                                                    • String ID: TcpListenerUdpSocketlibrary\std\src\..\..\backtrace\src\symbolize\gimli\lru.rs$addrlinenolibrary\std\src\..\..\backtrace\src\symbolize\mod.rs$assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs$socketOwnedSocketlibrary\std\src\os\windows\process.rs
                                                                                                                                                                                                    • API String ID: 566540725-3069411103
                                                                                                                                                                                                    • Opcode ID: 88e9591da8f74407544942a5dda40c2861e8d5d087c7e44b30efb6ee9ba5183a
                                                                                                                                                                                                    • Instruction ID: d943f0c791441477bde8aef59ce58a91d3d041145d6bc9908e317315900b4610
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 88e9591da8f74407544942a5dda40c2861e8d5d087c7e44b30efb6ee9ba5183a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F451F230808B44E6DB21EF58D842AAFB7F8EF95715F048609F8896B141E7709585CBA2
                                                                                                                                                                                                    Function 00D63270 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 261COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00D6336A
                                                                                                                                                                                                    • GetEnvironmentVariableW.KERNEL32(?,?,?,00000000), ref: 00D63375
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000200,?,00000000,00000000), ref: 00D63380
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000200,?,00000000,00000000), ref: 00D63391
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • environment variable not foundenvironment variable was not valid unicode: , xrefs: 00D635A7
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$EnvironmentVariable
                                                                                                                                                                                                    • String ID: environment variable not foundenvironment variable was not valid unicode:
                                                                                                                                                                                                    • API String ID: 2691138088-3632183283
                                                                                                                                                                                                    • Opcode ID: 9bfd51ded772c184a871ecd0bd536d4b74670c71085a8092a150f92a07a49bc1
                                                                                                                                                                                                    • Instruction ID: ad72b3cccd1812f9b53c820044d7dc082d04a7b64a69bf1d8c90a07ffccd93d8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9bfd51ded772c184a871ecd0bd536d4b74670c71085a8092a150f92a07a49bc1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 919181B1A04301AFD710DF54DC42B6ABBE8EF94714F148819F999A7352E771EE048BB2
                                                                                                                                                                                                    Function 00D8A0A0 Relevance: 10.7, APIs: 7, Instructions: 245COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00D8A115
                                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,00000000,00000002,00000000,00000000), ref: 00D8A121
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,00000000,00000000,?,00000000,00000002,00000000,00000000), ref: 00D8A12C
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,00000000,00000000,?,00000000,00000002,00000000,00000000), ref: 00D8A13D
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$FullNamePath
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2482867836-0
                                                                                                                                                                                                    • Opcode ID: 6c32b60d524e8a1362dc33d3098d5c6a9a327a4bb5cd9ce48dd4fd91ea629170
                                                                                                                                                                                                    • Instruction ID: b636eb5fd4d781f4416eec2050b8205cc17ede54053bb8bdc779d513782ec958
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c32b60d524e8a1362dc33d3098d5c6a9a327a4bb5cd9ce48dd4fd91ea629170
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 168165B1E003059BEB10AF99DC46FAEBBB9EF55314F18401AE805BB352E7759D008B76
                                                                                                                                                                                                    Function 00DB6750 Relevance: 10.7, APIs: 2, Strings: 5, Instructions: 234COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memset.MSVCRT ref: 00DB697B
                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,?,00000000,?,+NaNinf00e00E0assertion failed: ndigits > 0,?,assertion failed: parts.len() >= 6,00000022,00E585F0,assertion failed: buf[0] > b'0',0000001F,00E585BC,assertion failed: !buf.is_empty(),00000021,00E585AC), ref: 00DB699C
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • assertion failed: parts.len() >= 6, xrefs: 00DB687D
                                                                                                                                                                                                    • assertion failed: buf[0] > b'0', xrefs: 00DB686C
                                                                                                                                                                                                    • .0., xrefs: 00DB67AF
                                                                                                                                                                                                    • eEe-E--+NaNinf00e00E0assertion failed: ndigits > 0, xrefs: 00DB67F1
                                                                                                                                                                                                    • assertion failed: !buf.is_empty(), xrefs: 00DB685B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memcpymemset
                                                                                                                                                                                                    • String ID: .0.$assertion failed: !buf.is_empty()$assertion failed: buf[0] > b'0'$assertion failed: parts.len() >= 6$eEe-E--+NaNinf00e00E0assertion failed: ndigits > 0
                                                                                                                                                                                                    • API String ID: 1297977491-168991425
                                                                                                                                                                                                    • Opcode ID: 908a7fa8a3f0111f23366b7cd43cb3951b9b9e7b8133db709ea2d3ea8a72b076
                                                                                                                                                                                                    • Instruction ID: 5aae4e412528ea4368b261346ee699bb1d33247717847b7e5ffff6f7d171b736
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 908a7fa8a3f0111f23366b7cd43cb3951b9b9e7b8133db709ea2d3ea8a72b076
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EB81FA72E00320DBDB208F08C445BEE77E5FF80714F1A8569E85A6B291D7B9DD85CBA1
                                                                                                                                                                                                    Function 00D76360 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 195COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WakeByAddressAll.API-MS-WIN-CORE-SYNCH-L1-2-0(?), ref: 00D763C1
                                                                                                                                                                                                    • WaitOnAddress.API-MS-WIN-CORE-SYNCH-L1-2-0(00000004,?,00000004,000000FF), ref: 00D76420
                                                                                                                                                                                                    • WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(?), ref: 00D76509
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Address$Wake$SingleWait
                                                                                                                                                                                                    • String ID: called `Result::unwrap()` on an `Err` value
                                                                                                                                                                                                    • API String ID: 2488680809-2333694755
                                                                                                                                                                                                    • Opcode ID: 57fff6acfb26916b82561439a1b6f296cd4926f6b12b0956a401caaae9284a0b
                                                                                                                                                                                                    • Instruction ID: d6dde7fd639a217641a0f317824bacbb9d0b0048bdac1b2f3b64a132a1d2037f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 57fff6acfb26916b82561439a1b6f296cd4926f6b12b0956a401caaae9284a0b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 256147719047159FCF119F649801AAFBBF8AF01718F588859E5ADA3282F331E90587B1
                                                                                                                                                                                                    Function 00D82590 Relevance: 10.7, APIs: 7, Instructions: 180COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00D827F0: CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,00000000,?,00D825A9,?), ref: 00D82802
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D825C0
                                                                                                                                                                                                      • Part of subcall function 00D3E2A0: CloseHandle.KERNEL32(?,000000FF), ref: 00D3E2B3
                                                                                                                                                                                                      • Part of subcall function 00D3E2A0: CloseHandle.KERNEL32(?,?,000000FF), ref: 00D3E2BB
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseHandle$CreateEvent
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1371578007-0
                                                                                                                                                                                                    • Opcode ID: f5d3158d2f5567d7d0e53a1e79cc3f361e245f2bb47352cdc558e0ad307ff00f
                                                                                                                                                                                                    • Instruction ID: 318ddc6731263a5869a5c4b625161749f27b043fe55f239317f4eb9f6d5e1c36
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5d3158d2f5567d7d0e53a1e79cc3f361e245f2bb47352cdc558e0ad307ff00f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC6125B4E002189BDF14EF95C881AFEBBB6EF59310F28441AE845AB351D770AD45CB71
                                                                                                                                                                                                    Function 00DD95E0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 169synchronizationCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00DD69E0: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000014,76ECE820), ref: 00DD69F0
                                                                                                                                                                                                      • Part of subcall function 00DD82F0: WaitForMultipleObjects.KERNEL32 ref: 00DD835A
                                                                                                                                                                                                    • ResetEvent.KERNEL32 ref: 00DD964C
                                                                                                                                                                                                      • Part of subcall function 00DD6D50: TlsGetValue.KERNEL32 ref: 00DD6D62
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32 ref: 00DD968B
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ValueWait$EventMultipleObjectObjectsResetSingle
                                                                                                                                                                                                    • String ID: (
                                                                                                                                                                                                    • API String ID: 2327612466-3887548279
                                                                                                                                                                                                    • Opcode ID: 7466790d3b091f9630f89547464193e0a7961d3df9ab0fd4d96e389a6da92151
                                                                                                                                                                                                    • Instruction ID: 2f5086ceaefac5db341d94e4c0b938ff2913602f8a59dd9dbecc50492098b6a0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7466790d3b091f9630f89547464193e0a7961d3df9ab0fd4d96e389a6da92151
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E45173715083108AD7306F69896536EFAE4AF41744F19482FE9C893350EA77DC49DBB3
                                                                                                                                                                                                    Function 00D6F7C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 118networkCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • getpeername.WS2_32(?,?,?), ref: 00D6F81A
                                                                                                                                                                                                    • WSAGetLastError.WS2_32(?,?,?), ref: 00D6F8A1
                                                                                                                                                                                                    • setsockopt.WS2_32(?,0000FFFF,00000020,00000080,00000004), ref: 00D6F942
                                                                                                                                                                                                    • WSAGetLastError.WS2_32(?,0000FFFF,00000020,00000080,00000004,00000000,?,?,assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs,00000039,00E4D56C,?,?,?), ref: 00D6F94E
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • assertion failed: len >= mem::size_of::<c::sockaddr_in6>(), xrefs: 00D6F8F9
                                                                                                                                                                                                    • assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs, xrefs: 00D6F90A
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$getpeernamesetsockopt
                                                                                                                                                                                                    • String ID: assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs
                                                                                                                                                                                                    • API String ID: 2225440259-513854611
                                                                                                                                                                                                    • Opcode ID: 73e14e42966a45fbddf980079e82002458d4c52a3d95b0508b1de534dc34692f
                                                                                                                                                                                                    • Instruction ID: 99bbc61179bb0942bbede444465646beb3fab5f1f79e7993a453035c16637b59
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73e14e42966a45fbddf980079e82002458d4c52a3d95b0508b1de534dc34692f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E41E570908B80EAD725CF18D802BABB7F4FF86314F009A1DF5DA57290E7759584CBA2
                                                                                                                                                                                                    Function 00D803A0 Relevance: 10.6, APIs: 7, Instructions: 65networkCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WSASocketW.WS2_32(00000002,00D6E889,00000000,00000000,00000000,00000081), ref: 00D803CC
                                                                                                                                                                                                    • WSAGetLastError.WS2_32(?,?,?,?,00D6E889,?,?,00000001), ref: 00D803E3
                                                                                                                                                                                                    • WSASocketW.WS2_32(00000002,00D6E889,00000000,00000000,00000000,00000001), ref: 00D80400
                                                                                                                                                                                                    • SetHandleInformation.KERNEL32(00000000,00000001,00000000,00000002,00D6E889,00000000,00000000,00000000,00000001,?,?,?,?,00D6E889,?,?), ref: 00D80411
                                                                                                                                                                                                    • WSAGetLastError.WS2_32(00000002,00D6E889,00000000,00000000,00000000,00000001,?,?,?,?,00D6E889,?,?,00000001), ref: 00D80427
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000001,00000000,00000002,00D6E889,00000000,00000000,00000000,00000001,?,?,?,?,00D6E889,?,?), ref: 00D80437
                                                                                                                                                                                                    • closesocket.WS2_32(00000000), ref: 00D80446
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$Socket$HandleInformationclosesocket
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3114377017-0
                                                                                                                                                                                                    • Opcode ID: 81ad3a217a5e93e07ae17fa3f306bf76d5498596ad451f06f19f4abb31d4762f
                                                                                                                                                                                                    • Instruction ID: c03809cb9e48a79a857cc2947f730da8379a654b00e895d7d985468f1c11ff37
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 81ad3a217a5e93e07ae17fa3f306bf76d5498596ad451f06f19f4abb31d4762f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9011E370240341ABEB306B688C42F667ED8DF41B50F24482FFA99EB2C1D2B4E8448374
                                                                                                                                                                                                    Function 00D6E220 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 277COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: freeaddrinfo
                                                                                                                                                                                                    • String ID: assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys_common\net.rs
                                                                                                                                                                                                    • API String ID: 2731292433-513854611
                                                                                                                                                                                                    • Opcode ID: 5feb3cad39c2073487eb2569970b41883090e9a939e23443ffae3b4f4b2de8d3
                                                                                                                                                                                                    • Instruction ID: e69891a6dc7332ff39fbdf234fc82281c42ccd1ac95bfcd0bd8a4b5fd98d4f93
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5feb3cad39c2073487eb2569970b41883090e9a939e23443ffae3b4f4b2de8d3
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CDC149B5E04225CFCB18CF49D491AAEBBB1FF88304F15806EE845AB352DB759D41CBA4
                                                                                                                                                                                                    Function 00D89580 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81synchronizationCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00D8958F
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,000000FF), ref: 00D8959A
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,000000FF), ref: 00D895A7
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D89601
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseHandle$ErrorLastObjectSingleWait
                                                                                                                                                                                                    • String ID: SystemTime
                                                                                                                                                                                                    • API String ID: 1454876536-2656138
                                                                                                                                                                                                    • Opcode ID: 7925e7d75fc105cad344b80e4ce35b85e0de82f52fa6bfeee6cecb7e4e43d824
                                                                                                                                                                                                    • Instruction ID: 2dd036c497188b4c25e721b82c88c8069e5eb7aa8c995735bab6c3b585c5cb78
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7925e7d75fc105cad344b80e4ce35b85e0de82f52fa6bfeee6cecb7e4e43d824
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E921B272D01208BADB00BBA8AC46AEEBB78EF46328F141115F91877282E771561587F2
                                                                                                                                                                                                    Function 00D78350 Relevance: 8.0, APIs: 3, Strings: 2, Instructions: 467COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memcpy.MSVCRT(00000001,?,?), ref: 00D7839A
                                                                                                                                                                                                    • memcpy.MSVCRT(00000001,00000000,?), ref: 00D78437
                                                                                                                                                                                                      • Part of subcall function 00D2E250: GetProcessHeap.KERNEL32(?), ref: 00D79460
                                                                                                                                                                                                      • Part of subcall function 00D2E250: HeapFree.KERNEL32(00000000,00000000,00000000,?), ref: 00D79469
                                                                                                                                                                                                    • memcpy.MSVCRT(00000001,?,?), ref: 00D7852D
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memcpy$Heap$FreeProcess
                                                                                                                                                                                                    • String ID: PATHlibrary\std\src\sys_common\process.rs$assertion failed: self.height > 0
                                                                                                                                                                                                    • API String ID: 2997710474-3507162100
                                                                                                                                                                                                    • Opcode ID: e96150c5cc78b21b590a53780bf202e9578c54704b27c6a22b4913997a9beee0
                                                                                                                                                                                                    • Instruction ID: ff70877ac3f0188221787e93a5ec6420a363d3728c61830138a619fe18f7d429
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e96150c5cc78b21b590a53780bf202e9578c54704b27c6a22b4913997a9beee0
                                                                                                                                                                                                    • Instruction Fuzzy Hash: CA12AE71D006199BDB10DFA4DC85BEEB7B9FF59304F14816AE809BB242EB709941CBB1
                                                                                                                                                                                                    Function 00D25324 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 196COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • Internal buffer state failure~\.cargo\registry\src\index.crates.io-1949cf8c6b5b557f\murmur3-0.5.2\src\murmur3_32.rs, xrefs: 00D254F1
                                                                                                                                                                                                    • EN, xrefs: 00D254EA
                                                                                                                                                                                                    • @M, xrefs: 00D2549A
                                                                                                                                                                                                    • hQ, xrefs: 00D254A5
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: @M$EN$Internal buffer state failure~\.cargo\registry\src\index.crates.io-1949cf8c6b5b557f\murmur3-0.5.2\src\murmur3_32.rs$hQ
                                                                                                                                                                                                    • API String ID: 0-2742669996
                                                                                                                                                                                                    • Opcode ID: 73605157e3ea656bc37a9b9fe66e752ee20e0deb53f48db0a46028e2b8e42180
                                                                                                                                                                                                    • Instruction ID: 3da2c2d7046f591181ca8b2c9bbd5ff93e75038a501b2fe34241b2ba7acb8fd4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73605157e3ea656bc37a9b9fe66e752ee20e0deb53f48db0a46028e2b8e42180
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6C61EAB2E006248FCB04DF58EC51BAEB7B1EF99324F094169E819A7392D735D905CBB0
                                                                                                                                                                                                    Function 00D650AE Relevance: 7.6, APIs: 5, Instructions: 149COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 90a065edf2285ab03d69dbc0da9d86720ce3e260153358480695c83e767d1e24
                                                                                                                                                                                                    • Instruction ID: bf85ae048ee09e751fda51a58e103486118e940c6dd2432c98556d99cf511f67
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 90a065edf2285ab03d69dbc0da9d86720ce3e260153358480695c83e767d1e24
                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB51E071D043499FCB10DFA4EC91BAEBBB0AF5A304F188049E944BB342E7359885CBB1
                                                                                                                                                                                                    Function 00D602D0 Relevance: 7.6, APIs: 6, Instructions: 104COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(00000000,?,00000000,00E80058,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00D602F4
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(00000000,00000000,?,00000000,00E80058,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00D60317
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(00000000,00000000,00000000,?,00000000,00E80058,?,?,?,?,?,?,?,?,?,?), ref: 00D6032D
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(00000000,00000001,00000000,00000000,00000000,?,00000000,00E80058), ref: 00D60361
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(00000000,?,00000001,00000000,00000000,00000000,?,00000000,00E80058), ref: 00D60376
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,?,00000000,00E80058), ref: 00D60399
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                    • Opcode ID: 3320288fc391b49ab01bec1c6ecdce26936600117fa7ce13f4d1d58049cd9866
                                                                                                                                                                                                    • Instruction ID: 8a9eeca0f6d3f69013871a1ae9bb94281a3c344abdc70b53111612e85120381f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3320288fc391b49ab01bec1c6ecdce26936600117fa7ce13f4d1d58049cd9866
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E3188B1B452055B9B50EB69DC46D3F3BA8EF84751B080025F84EF7382E631ED099772
                                                                                                                                                                                                    Function 00DD8620 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 90COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • calloc.MSVCRT ref: 00DD8648
                                                                                                                                                                                                    • free.MSVCRT ref: 00DD86D7
                                                                                                                                                                                                    • free.MSVCRT ref: 00DD86FF
                                                                                                                                                                                                      • Part of subcall function 00DD9470: calloc.MSVCRT ref: 00DD94A2
                                                                                                                                                                                                      • Part of subcall function 00DD9470: CreateSemaphoreA.KERNEL32 ref: 00DD94F8
                                                                                                                                                                                                      • Part of subcall function 00DD9470: CreateSemaphoreA.KERNEL32 ref: 00DD951F
                                                                                                                                                                                                      • Part of subcall function 00DD9470: InitializeCriticalSection.KERNEL32 ref: 00DD953E
                                                                                                                                                                                                      • Part of subcall function 00DD9470: InitializeCriticalSection.KERNEL32 ref: 00DD9549
                                                                                                                                                                                                      • Part of subcall function 00DD9470: InitializeCriticalSection.KERNEL32 ref: 00DD9554
                                                                                                                                                                                                    • free.MSVCRT ref: 00DD8747
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CriticalInitializeSectionfree$CreateSemaphorecalloc
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3430360044-3916222277
                                                                                                                                                                                                    • Opcode ID: 7c7c0541aae3a9993defe68905c02274730ffd7a2e58aa1a6a661b71b853b83b
                                                                                                                                                                                                    • Instruction ID: 8e1d5fd88cb9d218f552a5d0ddaba469fbd2ba948617e4d9c0ae801c6162dcd0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c7c0541aae3a9993defe68905c02274730ffd7a2e58aa1a6a661b71b853b83b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2313EB56097058FD700AF26E48531BBBE5EF80314F15886FE4888B305D775D84A9BF2
                                                                                                                                                                                                    Function 00D8D2C0 Relevance: 7.6, APIs: 5, Instructions: 74COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(00E800E4,?,?,00D796F6,00E800E8,00000000), ref: 00D8D2EC
                                                                                                                                                                                                    • WakeByAddressSingle.API-MS-WIN-CORE-SYNCH-L1-2-0(00E800EC,?,?,00D796F6,00E800E8,00000000), ref: 00D8D32A
                                                                                                                                                                                                    • WakeByAddressAll.API-MS-WIN-CORE-SYNCH-L1-2-0(00E800E8,?,00D796F6,00E800E8,00000000), ref: 00D8D33E
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(?,00000001,00000000,?,?,?,00E4D44C,00000024,00E4D470,?,?,00D796F6,00E800E8,00000000), ref: 00D8D36F
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(?,00000000,?,00000001,00000000,?,?,?,00E4D44C,00000024,00E4D470,?,?,00D796F6,00E800E8,00000000), ref: 00D8D382
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressWake$SingleValue
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1317188499-0
                                                                                                                                                                                                    • Opcode ID: d928b422c1d1a096d0f400324e56e42f06a7ff1a3ab18d995347f1c0f38c24e8
                                                                                                                                                                                                    • Instruction ID: 18fc74df39715b078a38f5493af525b66279a544185bc1033bae2695e593b126
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d928b422c1d1a096d0f400324e56e42f06a7ff1a3ab18d995347f1c0f38c24e8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4121D571240211ABDF256B58F801B9A77A9DF45329F04443DF54EE72C1CE30E842C7E6
                                                                                                                                                                                                    Function 00D7C1D0 Relevance: 7.6, APIs: 5, Instructions: 65COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                      • Part of subcall function 00D7C080: NtOpenFile.NTDLL(00000000,?,?,00000103,00000007,?), ref: 00D7C0F7
                                                                                                                                                                                                    • SetFileInformationByHandle.KERNEL32(?,00000015,00000013,00000004), ref: 00D7C212
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000015,00000013,00000004), ref: 00D7C21B
                                                                                                                                                                                                    • SetFileInformationByHandle.KERNEL32(?,00000004,00000001,00000001,?,00000015,00000013,00000004), ref: 00D7C23C
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000015,00000013,00000004), ref: 00D7C248
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000004,00000001,00000001,?,00000015,00000013,00000004), ref: 00D7C265
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: FileHandle$ErrorInformationLast$CloseOpen
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1689364314-0
                                                                                                                                                                                                    • Opcode ID: b79ccbc9543e70f309300c1fa5a0497ca0ee9464cb26cf698f68fbcf3bb9e4e1
                                                                                                                                                                                                    • Instruction ID: 1095433b2d53133aae13b8a3d37d684e512e263f2641048b3a842248ea5624cc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b79ccbc9543e70f309300c1fa5a0497ca0ee9464cb26cf698f68fbcf3bb9e4e1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B11EC71E101086FEB2095D89C42BBF76ACDBC6704F148029F618E6283F561CD4183B5
                                                                                                                                                                                                    Function 00D827F0 Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,00000000,?,00D825A9,?), ref: 00D82802
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000001,00000001,00000000,?,?,00000000,?,00D825A9,?), ref: 00D8284B
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000000,00000001,00000001,00000000,?,?,00000000,?,00D825A9,?), ref: 00D8285E
                                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00D825A9,?), ref: 00D82879
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000000,?,?,00D825A9,?), ref: 00D8287F
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseHandle$CreateErrorEventLast
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3743700123-0
                                                                                                                                                                                                    • Opcode ID: ee350ca5565e079627bf0ce25616038491ad30b1ee811489c2a7836417036e5d
                                                                                                                                                                                                    • Instruction ID: d3d1a131fa8b0a918e0f2e39596556b9904b79a582069c362a0cb06d5dd8c212
                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee350ca5565e079627bf0ce25616038491ad30b1ee811489c2a7836417036e5d
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9C11A571A407027FE710AF259C42B26BBA8EF86714F144126F608AF692EBB09550C7F1
                                                                                                                                                                                                    Function 00D755E0 Relevance: 7.6, APIs: 5, Instructions: 51synchronizationCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TerminateProcess.KERNEL32(?,00000001,00000000,?,?,?,?,?), ref: 00D75603
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001,00000000,?,?,?,?,?), ref: 00D75611
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000000,?,00000001,00000000,?,?,?,?,?), ref: 00D75620
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000,?,00000001,00000000,?,?,?,?,?), ref: 00D75647
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$ObjectProcessSingleTerminateWait
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 536955195-0
                                                                                                                                                                                                    • Opcode ID: 25a8aaf39ca2f70561c3e3ef9cfea3edae8c9d3b2d333671584e5bae49a495be
                                                                                                                                                                                                    • Instruction ID: a1441fb34e5fdc06c1556dab304d8880c709366e2524fdb533bebb41d3ef834b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25a8aaf39ca2f70561c3e3ef9cfea3edae8c9d3b2d333671584e5bae49a495be
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 220184702006046BEB205A559C81F7E7FACDB86750F98802AF94CC7246E6B1D84186B3
                                                                                                                                                                                                    Function 00D89680 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,00D7676B,?,00000000,00000000), ref: 00D896B9
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,00D7676B,?,00000000,00000000), ref: 00D89793
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,00000000,00E4BA84), ref: 00D897F8
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • called `Result::unwrap()` on an `Err` value, xrefs: 00D897B5
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseErrorFrequencyHandleLastPerformanceQuery
                                                                                                                                                                                                    • String ID: called `Result::unwrap()` on an `Err` value
                                                                                                                                                                                                    • API String ID: 4077432747-2333694755
                                                                                                                                                                                                    • Opcode ID: f1eadf1409619535b77f3b8c734f60fa0997ac55e710bf52b2fd7ce4c638f6df
                                                                                                                                                                                                    • Instruction ID: ae389efbde7e4563067c73643a5f066c63323aff6ca2fedf57b7fe4947d248b9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f1eadf1409619535b77f3b8c734f60fa0997ac55e710bf52b2fd7ce4c638f6df
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C741D772A043056FCB04EF29DC41A6ABBF9EFC4750F05892DF89CA7351E73199048BA2
                                                                                                                                                                                                    Function 00D8A740 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32), ref: 00D8A748
                                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00D8A757
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                                    • String ID: GetTempPath2W$kernel32
                                                                                                                                                                                                    • API String ID: 1646373207-407914046
                                                                                                                                                                                                    • Opcode ID: 85eec4ac46bbd6921246a356c31794ce106554f6a1941e8afd436b0825d662fd
                                                                                                                                                                                                    • Instruction ID: d6b16ea46ccc81be1622b6164227f5f5201a4a2f9cf68aeee5b3de101da562d5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 85eec4ac46bbd6921246a356c31794ce106554f6a1941e8afd436b0825d662fd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 17D05E3038D3045A6748776A2E1A7213FD8DA80310700003FEA00D6751E9B1D80092BD
                                                                                                                                                                                                    Function 00D48680 Relevance: 6.7, APIs: 5, Instructions: 420COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3859560861-0
                                                                                                                                                                                                    • Opcode ID: 55238de87f37f1ab514e042006d3740614b72326d0ed59cda950c538865051fd
                                                                                                                                                                                                    • Instruction ID: 008809e69f5f7ca9784e547314548a5eef3568e5cbd947cb84eca1b3914962cb
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 55238de87f37f1ab514e042006d3740614b72326d0ed59cda950c538865051fd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2922D875D00A19CBCB14CF59C890AEEF7B5FF89314F1486AAD819AB315DB30AA45CF60
                                                                                                                                                                                                    Function 00D48602 Relevance: 6.7, APIs: 5, Instructions: 418COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3859560861-0
                                                                                                                                                                                                    • Opcode ID: 8c84599d8e24940f1c4933370620b3830b6c0aea3ab83f5099d7f7bd6fffc1b1
                                                                                                                                                                                                    • Instruction ID: 81158698f974abc8b99b3c19ef0d7df0f36091f0c0cf2e8fa7590edd8cdd7cf2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c84599d8e24940f1c4933370620b3830b6c0aea3ab83f5099d7f7bd6fffc1b1
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C922C775D00A198BCB15CF59C890AEEF7B5FF89304F1486AAD8197B315DB30AA85CF60
                                                                                                                                                                                                    Function 00D4867E Relevance: 6.7, APIs: 5, Instructions: 406COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3859560861-0
                                                                                                                                                                                                    • Opcode ID: 0df7e72be962efcb2994aab0aa51887e08c832ae9610e9f9641bdaa7bfb29bb6
                                                                                                                                                                                                    • Instruction ID: b5534f3ab57900f264f2d16cf455af50efac37a57793d8466aa08b5063e4fda8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0df7e72be962efcb2994aab0aa51887e08c832ae9610e9f9641bdaa7bfb29bb6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: AD22C875D00A198BCB15CF59C890AEEF7B5FF89304F1486AAD8196B315DB30AA85CF60
                                                                                                                                                                                                    Function 00D4865D Relevance: 6.7, APIs: 5, Instructions: 405COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$FreeProcess
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3859560861-0
                                                                                                                                                                                                    • Opcode ID: f394d26b791d61e6280c5b6e89c887c57d08623dc58929aed10a3a2c114dc0fd
                                                                                                                                                                                                    • Instruction ID: 90f3fd9640eaec8acab4e77a4312db8fbb209dd60b48b35a9f3602fe2b60c381
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f394d26b791d61e6280c5b6e89c887c57d08623dc58929aed10a3a2c114dc0fd
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DB22C675D00A19CBCB15CF59C890AEEF7B5FF89304F1486AAD8196B315DB30AA85CF60
                                                                                                                                                                                                    Function 00D2E270 Relevance: 6.3, APIs: 5, Instructions: 60memoryCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,?,?,?,00DAD75B,00000000,?,?,?,?,00D7C5DB,00D7C5DA,?,?,00000000,00E56A0C), ref: 00D79494
                                                                                                                                                                                                    • HeapReAlloc.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,00DAD75B,00000000,?,?,?,?,00D7C5DB,00D7C5DA), ref: 00D7949E
                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,00000000,?,?,?,?,?,00E56A0C,?,?,?,00000000,?,?), ref: 00D794E1
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,00E56A0C,?,?,?,00000000,?,?), ref: 00D794EC
                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,00E56A0C,?,?,?,00000000), ref: 00D794F5
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$Process$AllocFreememcpy
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3405790324-0
                                                                                                                                                                                                    • Opcode ID: 46882976521753e962c88f999377f3c58e74f38a72441a89e94f0b68cf1a7511
                                                                                                                                                                                                    • Instruction ID: 679ad7f20e704cdcabca1833fb1defc0cb3f05f399aedfb960d7c268fcc47689
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 46882976521753e962c88f999377f3c58e74f38a72441a89e94f0b68cf1a7511
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8D1170726052156BDB10AE68C885B5BBBEDEFC4314F15852AF84897301E670EC0586BA
                                                                                                                                                                                                    Function 00DAE090 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 200COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,00000000,00D2B0EA,?,?,00D2B0EA,00000000,?,?), ref: 00DAE0D2
                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,?,?,?,?,?,?,00000000,?,$l,$l,00D2B0EA,00000000,?,?), ref: 00DAE1D2
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memcpy
                                                                                                                                                                                                    • String ID: $l$$l
                                                                                                                                                                                                    • API String ID: 3510742995-2422038930
                                                                                                                                                                                                    • Opcode ID: c8d024c50c7e9ba628ebf3a54b01071d4b56349483c2cd4e40f1bed36428fdb8
                                                                                                                                                                                                    • Instruction ID: 509ced469b5a9ddd18596260a6aac8b9b04ba45357f0d495da298b0ece9a331f
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c8d024c50c7e9ba628ebf3a54b01071d4b56349483c2cd4e40f1bed36428fdb8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8751C8B0D00315AFDB00AFA9DC85FBA7BBCEF46315F188466F8199B252E6719900C7B1
                                                                                                                                                                                                    Function 00DB14A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 160COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memcpy.MSVCRT(00000001,?,?), ref: 00DB14F7
                                                                                                                                                                                                    • memcpy.MSVCRT(00000001,?,?), ref: 00DB1551
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: memcpy
                                                                                                                                                                                                    • String ID: @k$@k
                                                                                                                                                                                                    • API String ID: 3510742995-1676244581
                                                                                                                                                                                                    • Opcode ID: b6b17158166764abb2523c57fc780bec80d9de2ecf14560210eb930c44bb04e9
                                                                                                                                                                                                    • Instruction ID: a7705f7c805ab1f0c856f3f033d61b48e58acc165d65f057e9d612d1dd2cc817
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6b17158166764abb2523c57fc780bec80d9de2ecf14560210eb930c44bb04e9
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F85120B5E00219DFCB10DF98DC91AEEB7B9EF49314F584429E91AA7341E731A904CBB1
                                                                                                                                                                                                    Function 00D89180 Relevance: 6.1, APIs: 4, Instructions: 128COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?), ref: 00D891F2
                                                                                                                                                                                                    • ReadConsoleW.KERNEL32(?,00E4CF04,00000001,00000000,?,00000000,?), ref: 00D89202
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00E4CF04,00000001,00000000,?,00000000,?), ref: 00D89212
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00E4CF04,00000001,00000000,?,00000000,?), ref: 00D89287
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorLast$ConsoleRead
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2254617233-0
                                                                                                                                                                                                    • Opcode ID: 34e13ffec724e1e8c6dd217594261a4964956ebdabd0e6a51f673e053179a7e6
                                                                                                                                                                                                    • Instruction ID: 05b86cbb599d40d6992a06b7fa23a88d8847a1f690a166ec86aae400c5de62ca
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34e13ffec724e1e8c6dd217594261a4964956ebdabd0e6a51f673e053179a7e6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA41C471A00319BBCF10EFA8C891BBFBBA8EF45310F584029F949AB241D735A941C7B5
                                                                                                                                                                                                    Function 00D7E190 Relevance: 6.1, APIs: 4, Instructions: 100COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CreateSymbolicLinkW.KERNEL32(00D7E17B,00000000,-00000002,?,?,?,?,00D7E17B,00000000,?,00000000,00000000,?,00000000,00000000), ref: 00D7E247
                                                                                                                                                                                                    • GetLastError.KERNEL32(00D7E17B,00000000,-00000002,?,?,?,?,00D7E17B,00000000,?,00000000,00000000,?,00000000,00000000), ref: 00D7E255
                                                                                                                                                                                                    • CreateSymbolicLinkW.KERNEL32(00000000,00000000,?,00D7E17B,00000000,-00000002,?,?,?,?,00D7E17B,00000000,?,00000000,00000000,?), ref: 00D7E268
                                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000000,?,00D7E17B,00000000,-00000002,?,?,?,?,00D7E17B,00000000,?,00000000,00000000,?), ref: 00D7E271
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateErrorLastLinkSymbolic
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 191780330-0
                                                                                                                                                                                                    • Opcode ID: 7c7179d733266c1e405f60b6e60e406e7f1ce5a2ade1fc9c9036a895c68fe891
                                                                                                                                                                                                    • Instruction ID: b40e4f76306d34f1573ef65702de41bdad10f5a7ab250972a6e74183498555e1
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c7179d733266c1e405f60b6e60e406e7f1ce5a2ade1fc9c9036a895c68fe891
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 473190B5D0021AABDF14DFD4DC42AEEBBB9EF58304F148469E859B7342E6319900CBB5
                                                                                                                                                                                                    Function 00D21001 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: __p__commode__p__fmode__set_app_type
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3338496922-0
                                                                                                                                                                                                    • Opcode ID: 18fd7aad98adc9b354ed51c64d6c057bb4d302ad1301e8ba2d7f9671c8465348
                                                                                                                                                                                                    • Instruction ID: 3ff3192ead75833214bf15cd9e6fc354c7bb9cf8677ef36ca22c1200adf92bf8
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 18fd7aad98adc9b354ed51c64d6c057bb4d302ad1301e8ba2d7f9671c8465348
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A021CD74500212DFC750AF64EA457A537E1FB20308F99CA69C0585B326D77AD8CACBB2
                                                                                                                                                                                                    Function 00D65430 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • UnlockFile.KERNEL32(?,00000000,00000000,000000FF,000000FF), ref: 00D65446
                                                                                                                                                                                                    • UnlockFile.KERNEL32(?,00000000,00000000,000000FF,000000FF,?,00000000,00000000,000000FF,000000FF), ref: 00D65458
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,000000FF,000000FF,?,00000000,00000000,000000FF,000000FF), ref: 00D65461
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,000000FF,000000FF), ref: 00D65472
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorFileLastUnlock
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3655728120-0
                                                                                                                                                                                                    • Opcode ID: cd91cb9532f03e2d504fe89ff3b9144a8d410329774d4e8a71c7d3a3d2a98376
                                                                                                                                                                                                    • Instruction ID: 04c9ce049118a6172003143d59b61117839513e9b07efc3dcee89f9c65f965fc
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd91cb9532f03e2d504fe89ff3b9144a8d410329774d4e8a71c7d3a3d2a98376
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9FF096302482116BDB205B589C01B167B988B82771F34479AFAB4A73C5DA70F8818375
                                                                                                                                                                                                    Function 00D75670 Relevance: 6.0, APIs: 4, Instructions: 39synchronizationCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D7568B
                                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00D75696
                                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,000000FF), ref: 00D7569F
                                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00D756BB
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseCodeErrorExitHandleLastObjectProcessSingleWait
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2321548817-0
                                                                                                                                                                                                    • Opcode ID: 69a56f6582363e804a401e43d8be51aba516ca54cd33ddb105b77b7c2e86dab8
                                                                                                                                                                                                    • Instruction ID: 87464196789fa54d159de2d4f18ab8b13bdbe93f911334cf6c2a89afa327faa5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 69a56f6582363e804a401e43d8be51aba516ca54cd33ddb105b77b7c2e86dab8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: EBF04FB0500645ABDB10EF59D800B5EFBF8EF85320F54801AE96897381E774E841CBB6
                                                                                                                                                                                                    Function 00D76730 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 86COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32 ref: 00D7674D
                                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D7678B
                                                                                                                                                                                                      • Part of subcall function 00D89680: QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,00D7676B,?,00000000,00000000), ref: 00D896B9
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    • called `Result::unwrap()` on an `Err` value, xrefs: 00D767AD
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: PerformanceQuery$CounterErrorFrequencyLast
                                                                                                                                                                                                    • String ID: called `Result::unwrap()` on an `Err` value
                                                                                                                                                                                                    • API String ID: 158728112-2333694755
                                                                                                                                                                                                    • Opcode ID: c2dae1e0fcca4d2a4d771a6627b968f4ea3cc974b979b03f16fb90d89228535c
                                                                                                                                                                                                    • Instruction ID: a2ee7bc25d863cef2e0b5ccdde5b3557f59387fd3ca96121b1f04c5eed5e238b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2dae1e0fcca4d2a4d771a6627b968f4ea3cc974b979b03f16fb90d89228535c
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FC216676904305ABCB00AF59DC05A9BBBF8EFC9764F04882DF99D97251E631D510CBA2
                                                                                                                                                                                                    Function 00DD5610 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: fprintf
                                                                                                                                                                                                    • String ID: %p not found?!?!
                                                                                                                                                                                                    • API String ID: 383729395-11085004
                                                                                                                                                                                                    • Opcode ID: 3027a89d36669b8762b4cbf4150c668d378b29f0d9854024572e3c9d8df3b3a4
                                                                                                                                                                                                    • Instruction ID: 3c710aeaf59d49770fd66462649b037abab488b81bf4417dd112306fbeb73635
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3027a89d36669b8762b4cbf4150c668d378b29f0d9854024572e3c9d8df3b3a4
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 18115271509B108FCB60BF35E484629BBE4AF00750F89846ED4898B309D771D884CB72
                                                                                                                                                                                                    Function 00D60690 Relevance: 5.1, APIs: 4, Instructions: 146COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(?,00000001,?,?,?,?,?,?,?,00000000,00000000,00000000,?,00D60600,00000000,00D75A7E), ref: 00D606B2
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,00000001,?,?,?,?,?,?,?,00000000,00000000,00000000,?,00D60600,00000000), ref: 00D606C6
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,?,00000001,?,?,?,?,?,?,?,00000000,00000000,00000000,?,00D60600), ref: 00D606DC
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(00000000,-00000007,?,?,00000001), ref: 00D6076E
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                    • Opcode ID: 93a6ed12c4419c4377023741404c17f7e89a15f02c0ac2381c9d8e8c71e73c4b
                                                                                                                                                                                                    • Instruction ID: b9f290fcdcae3e4c1a19400e0edda1873345dbf6e6a881608c9d8f83c7499d41
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 93a6ed12c4419c4377023741404c17f7e89a15f02c0ac2381c9d8e8c71e73c4b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 605150B0D412099BEB40EFA5DC85BEF7BB4EF44314F184015E805BB282D7769949CBB5
                                                                                                                                                                                                    Function 00D94060 Relevance: 5.1, APIs: 4, Instructions: 86COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(-00000001,?,?,00000008,00000018), ref: 00D94075
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(00000000,?,00000000,?,?,?,00000008,00000018), ref: 00D940C5
                                                                                                                                                                                                    • TlsSetValue.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00000008,00000018), ref: 00D940D1
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(00000000,?,?,?,00000008,00000018), ref: 00D94100
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                    • Opcode ID: f087ead707db3e1f251789358af4e22020b6739e49616927e53eee50ae583722
                                                                                                                                                                                                    • Instruction ID: 2b51daa6a38625705eaf36a905c6606a83965218ed4f2f472f35057bdadb0200
                                                                                                                                                                                                    • Opcode Fuzzy Hash: f087ead707db3e1f251789358af4e22020b6739e49616927e53eee50ae583722
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 162135729002145FDF10BB69AC02F6FBBA8EF81750F094416EA09AB393DA719D0687B1
                                                                                                                                                                                                    Function 00D887D0 Relevance: 5.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memcpy.MSVCRT(?,?,00000000,?,?,00000001,?,00D89118,?), ref: 00D887EE
                                                                                                                                                                                                    • memmove.MSVCRT(?,?,00000004,?,00D89118,?), ref: 00D88808
                                                                                                                                                                                                    • GetStdHandle.KERNEL32(FFFFFFF4,?,?,?,?,?,?,00D6DB2E,?,?,?,00D6D2D9,?,00D6DB2E,?,00D6DB2E), ref: 00D88853
                                                                                                                                                                                                    • GetLastError.KERNEL32(FFFFFFF4,?,?,?,?,?,?,00D6DB2E,?,?,?,00D6D2D9,?,00D6DB2E,?,00D6DB2E), ref: 00D88863
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ErrorHandleLastmemcpymemmove
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2696460671-0
                                                                                                                                                                                                    • Opcode ID: e45be057f6ca88db3bbf7844e583fea07cecd157b246ea301822c8461881a7f6
                                                                                                                                                                                                    • Instruction ID: 25f71f733b06cc9912fc9a0dc7336b6552dd2041dad8dd90fa0fa99b74c3944a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e45be057f6ca88db3bbf7844e583fea07cecd157b246ea301822c8461881a7f6
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FE11EB616012046ED6107A79AC85B777BACDB52364FD8853AF94987242E971DC01A3B1
                                                                                                                                                                                                    Function 00D774D0 Relevance: 5.1, APIs: 4, Instructions: 65memoryCOMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,?), ref: 00D7750E
                                                                                                                                                                                                    • memcpy.MSVCRT(00000000,?,?), ref: 00D77552
                                                                                                                                                                                                    • GetProcessHeap.KERNEL32 ref: 00D7755D
                                                                                                                                                                                                    • HeapFree.KERNEL32(00000000,00000000,?), ref: 00D77566
                                                                                                                                                                                                      • Part of subcall function 00D8A950: GetProcessHeap.KERNEL32(?,00D7942C,?,?,?,?,?,?,?,?,?,?,?,?,80000000,?), ref: 00D8A953
                                                                                                                                                                                                      • Part of subcall function 00D8A950: HeapAlloc.KERNEL32(00000000,?,?,?,00D7942C), ref: 00D8A963
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Heap$Processmemcpy$AllocFree
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1904491526-0
                                                                                                                                                                                                    • Opcode ID: 73df4b082369a9695a373649fd978ccbebfab89fba2fcdb34035ad8a3d1ba8fe
                                                                                                                                                                                                    • Instruction ID: c2c6c89184be88b6476afbbc8495601e9832c9ed11bca11d21a73589f859792e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 73df4b082369a9695a373649fd978ccbebfab89fba2fcdb34035ad8a3d1ba8fe
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8911A3B2A083116BCB10AF699C86A4F7BE9EBC4710F59853AFC0C97301F630D81487B6
                                                                                                                                                                                                    Function 00D60440 Relevance: 5.1, APIs: 4, Instructions: 62COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(?,?,?,00D5FE9D,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00D6044F
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(00000000,00D5FE9D,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00D6048A
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(00000000,00000000,00D5FE9D,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00D6049F
                                                                                                                                                                                                    • TlsGetValue.KERNEL32(00000000,00000000,00000000,00D5FE9D,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00D604B1
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Value
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3702945584-0
                                                                                                                                                                                                    • Opcode ID: b106f609f5b413f8bab3d5a8c469385066d743922286cd67c0e8217ffa75e49e
                                                                                                                                                                                                    • Instruction ID: 0ea6f3201d02962df214b6c969249387139db3c3bc561eede6d31c3e236773a0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: b106f609f5b413f8bab3d5a8c469385066d743922286cd67c0e8217ffa75e49e
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E201B970B81204575AA072A96C47E6B7B89DEC47617080832E91EF7645ED21EC4C53B1
                                                                                                                                                                                                    Function 00D704D0 Relevance: 5.0, APIs: 4, Instructions: 28COMMON
                                                                                                                                                                                                    Download Yara Rule
                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000000.00000002.2196265838.0000000000D21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00D20000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196250472.0000000000D20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196325381.0000000000DE0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196338774.0000000000DE1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196398410.0000000000E81000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196411433.0000000000E82000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    • Associated: 00000000.00000002.2196424749.0000000000E85000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                    • Snapshot File: hcaresult_0_2_d20000_uo9m.jbxd
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CloseHandle
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                                                                                    • Opcode ID: a322bf90f38147dd208aabad70a575d61a942dd54d757470b5a91c8da1f53763
                                                                                                                                                                                                    • Instruction ID: 5d2297fda815ccfb5a6600f6d1e3cab0e6f0a4eeffecca59159d7a221f4e0d16
                                                                                                                                                                                                    • Opcode Fuzzy Hash: a322bf90f38147dd208aabad70a575d61a942dd54d757470b5a91c8da1f53763
                                                                                                                                                                                                    • Instruction Fuzzy Hash: FEF03031100204EBDF256F08D885B667F68EB80325F0880A2FA082A696D771DC50CBF1