
Windows Analysis Report
lmtyweWwbU.exe

Overview

General Information

Sample name:lmtyweWwbU.exe
renamed because original name is a hash value
Original sample name:d3be4981a8db02dab1f214565fc5b0b6748ff6fa218b0bcc46a915229f8078f3.exe
Analysis ID:1664472
MD5:d436e0b4a9aa7b9a6641ea93c4dba8ae
SHA1:a33e3e532dc90f08e111eab0762bce9158fd37e2
SHA256:d3be4981a8db02dab1f214565fc5b0b6748ff6fa218b0bcc46a915229f8078f3
Tags: 96-9-125-200, exe, user-JAMESWT_WT

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Sigma detected: Potentially Suspicious Malware Callback Communication
Uses cmd line tools excessively to alter registry or file data
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
Program does not show much activity (idle)

Classification

(Classification radar chart: axes Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale clean / suspicious / malicious.)
  • System is w10x64
  • lmtyweWwbU.exe (PID: 6644 cmdline: "C:\Users\user\Desktop\lmtyweWwbU.exe" MD5: D436E0B4A9AA7B9A6641EA93C4DBA8AE)
    • conhost.exe (PID: 6656 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • attrib.exe (PID: 7076 cmdline: "attrib" +h +s C:\Users\user\Desktop\lmtyweWwbU.exe MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)
    • attrib.exe (PID: 7068 cmdline: "attrib" +h +s C:\Users\user\Desktop\SystemHelper.exe MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)
    • SystemHelper.exe (PID: 6284 cmdline: "C:\Users\user\Desktop\SystemHelper.exe" MD5: D436E0B4A9AA7B9A6641EA93C4DBA8AE)
      • attrib.exe (PID: 6256 cmdline: "attrib" +h +s C:\Users\user\Desktop\SystemHelper.exe MD5: 5037D8E6670EF1D89FB6AD435F12A9FD)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Network Connection; Author: Florian Roth (Nextron Systems); Data: DestinationIp: 96.9.125.200, DestinationIsIpv6: false, DestinationPort: 4443, EventID: 3, Image: C:\Users\user\Desktop\SystemHelper.exe, Initiated: true, ProcessId: 6284, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49692
No Suricata rule has matched

Source: lmtyweWwbU.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: Freelancer_Contract_Viewer.pdb; found in: lmtyweWwbU.exe
Source: global traffic; TCP traffic: 192.168.2.8:49692 -> 96.9.125.200:4443
Source: Joe Sandbox View; ASN Name: 2ICSYSTEMSINCCA
Source: unknown; TCP traffic detected without corresponding DNS query: 96.9.125.200 (reported five times, once per packet in the network table below; the address was contacted directly, with no DNS resolution)
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Code function 0_2_00007FF6D34DE250: recv, WSAGetLastError
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Code function 0_2_00007FF6D34E5D20: NtReadFile, WaitForSingleObject, RtlNtStatusToDosError
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Code function 0_2_00007FF6D34E59F0: NtReadFile, WaitForSingleObject, RtlNtStatusToDosError
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Code function 0_2_00007FF6D34E5E40: NtWriteFile, WaitForSingleObject, RtlNtStatusToDosError
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Code functions (listed without API calls): 0_2_00007FF6D34E80D0, 0_2_00007FF6D34F0D10, 0_2_00007FF6D34FA4C0, 0_2_00007FF6D34E4C00, 0_2_00007FF6D34DD400, 0_2_00007FF6D34FDAC0, 0_2_00007FF6D34FAAC0, 0_2_00007FF6D34F11A0, 0_2_00007FF6D34FE1C0, 0_2_00007FF6D34E2880, 0_2_00007FF6D34D60B0, 0_2_00007FF6D34FB0C0, 0_2_00007FF6D34F2F20, 0_2_00007FF6D34DE6C0, 0_2_00007FF6D34F9D90, 0_2_00007FF6D34F8600
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Code function: String function 00007FF6D34FD430 appears 65 times
Source: classification engine; Classification label: mal48.winEXE@10/0@0/1
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Code function 0_2_00007FF6D34E5F60: memset, GetModuleHandleW, FormatMessageW, GetLastError
Source: C:\Windows\System32\conhost.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6656:120:WilError_03
Source: lmtyweWwbU.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers (the Software Restriction Policies key that CreateProcess consults for every child it starts; this read is a side effect of spawning attrib.exe and SystemHelper.exe, not evidence of policy tampering)
Source: unknown; Process created: C:\Users\user\Desktop\lmtyweWwbU.exe "C:\Users\user\Desktop\lmtyweWwbU.exe"
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Process created: C:\Windows\System32\attrib.exe "attrib" +h +s C:\Users\user\Desktop\lmtyweWwbU.exe
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Process created: C:\Windows\System32\attrib.exe "attrib" +h +s C:\Users\user\Desktop\SystemHelper.exe
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Process created: C:\Users\user\Desktop\SystemHelper.exe "C:\Users\user\Desktop\SystemHelper.exe"
Source: C:\Users\user\Desktop\SystemHelper.exe; Process created: C:\Windows\System32\attrib.exe "attrib" +h +s C:\Users\user\Desktop\SystemHelper.exe
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Section loaded: wldp.dll
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Section loaded: uxtheme.dll
Source: C:\Windows\System32\attrib.exe; Section loaded: ulib.dll (in each of the three attrib.exe instances)
Source: C:\Windows\System32\attrib.exe; Section loaded: fsutilext.dll (in each of the three attrib.exe instances)
Source: C:\Users\user\Desktop\SystemHelper.exe; Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SystemHelper.exe; Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\SystemHelper.exe; Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\SystemHelper.exe; Section loaded: kernel.appcore.dll
Source: lmtyweWwbU.exe; Static PE information: Image base 0x140000000 > 0x60000000
Source: lmtyweWwbU.exe; Static PE information: data directory types present: IMAGE_DIRECTORY_ENTRY_IMPORT, IMAGE_DIRECTORY_ENTRY_RESOURCE, IMAGE_DIRECTORY_ENTRY_BASERELOC, IMAGE_DIRECTORY_ENTRY_DEBUG, IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG, IMAGE_DIRECTORY_ENTRY_IAT
Source: lmtyweWwbU.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: lmtyweWwbU.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: lmtyweWwbU.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: lmtyweWwbU.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: lmtyweWwbU.exe; Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Code function 0_2_00007FF6D34F1D30: WaitForSingleObjectEx, LoadLibraryA, GetProcAddress, GetProcAddress, GetProcAddress, GetCurrentProcess, memset, GetProcAddress, GetCurrentProcess, lstrlenW, GetCurrentProcessId, CreateMutexA, CloseHandle, GetProcAddress, GetCurrentProcess, GetProcAddress, GetCurrentProcess, ReleaseMutex

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Process created: attrib.exe (twice: once against its own image, once against SystemHelper.exe)
Source: C:\Users\user\Desktop\SystemHelper.exe; Process created: attrib.exe (against its own image)
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; API coverage: 9.6 %
Source: all processes; Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: SystemHelper.exe, 00000005.00000002.1112017135.0000020BCA2C4000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Code function 0_2_00007FF6D3500124: IsProcessorFeaturePresent, memset, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, memset, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter (this is the API sequence of the MSVC CRT stack-cookie failure path, __report_gsfailure calling __raise_securityfailure; the IsDebuggerPresent call behind "Contains functionality to check if a debugger is running" is compiler boilerplate, not sample-specific anti-debugging)
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Code function 0_2_00007FF6D34F1D30: WaitForSingleObjectEx, LoadLibraryA, GetProcAddress, GetProcAddress, GetProcAddress, GetCurrentProcess, memset, GetProcAddress, GetCurrentProcess, lstrlenW, GetCurrentProcessId, CreateMutexA, CloseHandle, GetProcAddress, GetCurrentProcess, GetProcAddress, GetCurrentProcess, ReleaseMutex
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Code function 0_2_00007FF6D34F04A0: GetProcessHeap, HeapAlloc
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Code function 0_2_00007FF6D35002C8: SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Process created: C:\Windows\System32\attrib.exe "attrib" +h +s C:\Users\user\Desktop\lmtyweWwbU.exe
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Process created: C:\Windows\System32\attrib.exe "attrib" +h +s C:\Users\user\Desktop\SystemHelper.exe
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Process created: C:\Users\user\Desktop\SystemHelper.exe "C:\Users\user\Desktop\SystemHelper.exe"
Source: C:\Users\user\Desktop\SystemHelper.exe; Process created: C:\Windows\System32\attrib.exe "attrib" +h +s C:\Users\user\Desktop\SystemHelper.exe
Source: C:\Users\user\Desktop\lmtyweWwbU.exe; Code function 0_2_00007FF6D34FFFFC: GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter (the entropy sources the CRT's __security_init_cookie mixes into the stack cookie; a timing hit from this function is startup boilerplate)
MITRE ATT&CK techniques matched by signatures (number of matching signatures in parentheses):

  • Execution: Command and Scripting Interpreter (1); Native API (1)
  • Persistence: DLL Side-Loading (1)
  • Privilege Escalation: Process Injection (11); DLL Side-Loading (1)
  • Defense Evasion: Disable or Modify Tools (1); Process Injection (11); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (1); DLL Side-Loading (1)
  • Discovery: System Time Discovery (1); Security Software Discovery (21); System Information Discovery (2)
  • Collection: Archive Collected Data (1)
  • Command and Control: Encrypted Channel (1); Non-Standard Port (1); Ingress Tool Transfer (1)

No techniques were matched under Reconnaissance, Resource Development, Initial Access, Credential Access, Lateral Movement, Exfiltration or Impact.
Behavior graph (ID 1664472; sample lmtyweWwbU.exe; start date 14/04/2025; architecture WINDOWS; score 48): the start node carries the signature "Sigma detected: Potentially Suspicious Malware Callback Communication". lmtyweWwbU.exe starts conhost.exe, two attrib.exe instances and SystemHelper.exe; SystemHelper.exe starts a further attrib.exe and connects to 96.9.125.200 port 4443 (2ICSYSTEMSINCCA, Canada). Both lmtyweWwbU.exe and SystemHelper.exe carry the signature "Uses cmd line tools excessively to alter registry or file data".

Antivirus detection (Source; Detection; Scanner):
  • lmtyweWwbU.exe; 1%; Virustotal
  • lmtyweWwbU.exe; 0%; ReversingLabs
No Antivirus matches in the remaining scan categories


No contacted domains info

Contacted IPs (IP; Domain; Country; ASN; ASN Name; Malicious):
  • 96.9.125.200; unknown; Canada; 30295; 2ICSYSTEMSINCCA; true
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1664472
Start date and time:2025-04-14 11:12:19 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 48s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:17
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:lmtyweWwbU.exe
renamed because original name is a hash value
Original Sample Name:d3be4981a8db02dab1f214565fc5b0b6748ff6fa218b0bcc46a915229f8078f3.exe
Detection:MAL
Classification:mal48.winEXE@10/0@0/1
EGA Information:
  • Successful, ratio: 100%
HCA Information:
  • Successful, ratio: 93%
  • Number of executed functions: 13
  • Number of non-executed functions: 51
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 172.202.163.200, 184.28.213.193
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.svc.static.microsoft, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
No simulations
No context
No context
Context: other samples seen with ASN 2ICSYSTEMSINCCA (Associated Sample Name / URL; Detection; Threat Name; Context IP):
  • nborepadiktad.exe; malicious; WhiteSnake Stealer; 96.9.124.250
  • gopawdkrjgh.exe; malicious; WhiteSnake Stealer; 96.9.124.250
  • sora.mpsl.elf; malicious; Mirai; 69.67.173.63
  • f5m6aL0Mjl.exe; malicious; RHADAMANTHYS; 96.9.125.78
  • 9ua5N7dcBZ.exe; malicious; Amadey, RHADAMANTHYS; 96.9.125.78
  • https://fingerlakesanglingzone.com/reports; malicious; Unknown; 96.9.124.200
  • la.bot.sh4.elf; malicious; Unknown; 69.67.161.49
  • SecuriteInfo.com.Linux.Siggen.9999.32301.6786.elf; malicious; Mirai; 69.31.168.62
  • 4gMPx4n6iT.elf; malicious; Mirai; 69.31.181.10
  • cX2zCKQ7Z2.elf; malicious; Mirai; 69.67.173.69
No context
No context
No created / dropped files found. Note that SystemHelper.exe carries the sample's own MD5 (D436E0B4A9AA7B9A6641EA93C4DBA8AE) and the sample hid both paths with attrib before launching it; with no dropped file recorded and MoveFileExW among the imports, the second executable was most likely produced by renaming the original rather than by writing a new file. This is an inference from the report's data, not a finding of the sandbox.
File type:PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):6.292428629980115
TrID:
  • Win64 Executable Console (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:lmtyweWwbU.exe
File size:278'016 bytes
MD5:d436e0b4a9aa7b9a6641ea93c4dba8ae
SHA1:a33e3e532dc90f08e111eab0762bce9158fd37e2
SHA256:d3be4981a8db02dab1f214565fc5b0b6748ff6fa218b0bcc46a915229f8078f3
SHA512:78b226f55a3087cfa12227247f92c6fdb4f27e1e9bc03eb8c903b8e7fe0ee863553a2047715d0c050456798b60df9619b52cb06c8fe821f631cdda0acb8166a6
SSDEEP:6144:IiORg+StTT88UEaUpKU6lBITTIqY2nWcLOqlkY2ayjtdAVhHHK0/q0Mc:Iiu5j8UEkOrm
TLSH:B5443A217A559CACD94AC07883468A736572B4CA1B32F9FF02C445393F6FEF52E38658
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........P.C.1...1...1...I...1.......1.......1.......1.......1...I...1...1..V1...1...1....s..1.......1..Rich.1..........PE..d...~4.g...
Icon Hash:39d2c0daeafad051
Entrypoint:0x14002fd1c
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x67FC347E [Sun Apr 13 22:02:38 2025 UTC]
TLS Callbacks:0x40021b20, 0x1
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:36a29e8472db44f83c8c0771c7937c8c
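The header fields above (magic, image base, entrypoint, time stamp, subsystem, DLL characteristics) can be read directly from a file's DOS and NT headers with nothing but the struct module. The following is an added example, not part of the Joe Sandbox report or of the sample: it parses those fields from a PE32 or PE32+ image, decodes the Characteristics and DllCharacteristics bit fields into names, and lists the mitigation flags that are absent, since the report prints only the flags that are present and the missing GUARD_CF is easy to overlook. build_sample_header() is a constructed header blob carrying this report's values, not the sample's bytes; the list of expected mitigations is the author's choice.

```python
"""Parse the PE header fields a sandbox report summarises and decode the flag words.

Added example; not from the Joe Sandbox report or the analysed sample.
"""
import struct
from datetime import datetime, timezone

# IMAGE_DLLCHARACTERISTICS_* (winnt.h)
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA", 0x0040: "DYNAMIC_BASE", 0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT", 0x0200: "NO_ISOLATION", 0x0400: "NO_SEH", 0x0800: "NO_BIND",
    0x1000: "APPCONTAINER", 0x2000: "WDM_DRIVER", 0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
# IMAGE_FILE_* characteristics that matter for an EXE
FILE_CHARACTERISTICS = {0x0002: "EXECUTABLE_IMAGE", 0x0020: "LARGE_ADDRESS_AWARE", 0x2000: "DLL"}
SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}
# Flags a hardened user-mode executable is expected to carry (author's choice)
EXPECTED_MITIGATIONS = ("DYNAMIC_BASE", "HIGH_ENTROPY_VA", "NX_COMPAT", "GUARD_CF")


def decode_flags(value, table):
    """Names of the bits set in value, in ascending bit order."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe_header(data):
    """Read IMAGE_FILE_HEADER and the first 72 bytes of the optional header.

    Those 72 bytes (through DllCharacteristics) share one layout in PE32 and
    PE32+; only ImageBase differs (4 bytes at +28 vs 8 bytes at +24).
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, timestamp, _, _, _opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                       # optional header follows the 20-byte file header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x20B:
        fmt, (image_base,) = "PE32+", struct.unpack_from("<Q", data, opt + 24)
    elif magic == 0x10B:
        fmt, (image_base,) = "PE32", struct.unpack_from("<I", data, opt + 28)
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    return {
        "format": fmt,
        "machine": machine,
        "sections": nsections,
        "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "characteristics": decode_flags(chars, FILE_CHARACTERISTICS),
        "entrypoint": image_base + entry_rva,   # virtual address, as the report prints it
        "image_base": image_base,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "dll_characteristics": decode_flags(dll_chars, DLL_CHARACTERISTICS),
    }


def missing_mitigations(info):
    """Mitigation flags a hardened EXE should set but this header does not."""
    present = set(info["dll_characteristics"])
    return [m for m in EXPECTED_MITIGATIONS if m not in present]


def build_sample_header():
    """Constructed header blob (not the sample's bytes) carrying this report's values."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 6, 0x67FC347E, 0, 0, 0xF0, 0x0022)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)                      # PE32+
    struct.pack_into("<I", opt, 16, 0x2FD1C)                   # AddressOfEntryPoint (RVA)
    struct.pack_into("<Q", opt, 24, 0x140000000)               # ImageBase
    struct.pack_into("<HHHH", opt, 40, 6, 0, 0, 0)             # OS version 6.0, image version 0.0
    struct.pack_into("<HH", opt, 48, 6, 0)                     # subsystem version 6.0
    struct.pack_into("<HH", opt, 68, 3, 0x8160)                # WINDOWS_CUI; HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT|TSA
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt)


if __name__ == "__main__":
    info = parse_pe_header(build_sample_header())
    for key, value in info.items():
        print(f"{key:20} {value}")
    print("missing mitigations:", missing_mitigations(info))
```

Run against a real file, replace build_sample_header() with the first few kilobytes of the file. The DllCharacteristics word for this sample decodes to exactly the four flags the report lists and nothing else, so Control Flow Guard is not enabled; whether that matters depends on the reader's exploitation interest in the binary, but it is worth seeing on the same line as the flags that are set.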
Instruction (entrypoint disassembly as produced by the report; the listing decodes this x64 code as 32-bit, so the REX prefixes appear as dec eax / dec esp / dec ebp and the operand sizes shown are not the real ones):
dec eax
sub esp, 28h
call 00007FDFBC8C845Ch
dec eax
add esp, 28h
jmp 00007FDFBC8C7FF7h
int3
int3
int3
int3
int3
int3
int3
int3
nop word ptr [eax+eax+00000000h]
dec eax
sub esp, 10h
dec esp
mov dword ptr [esp], edx
dec esp
mov dword ptr [esp+08h], ebx
dec ebp
xor ebx, ebx
dec esp
lea edx, dword ptr [esp+18h]
dec esp
sub edx, eax
dec ebp
cmovb edx, ebx
dec esp
mov ebx, dword ptr [00000010h]
dec ebp
cmp edx, ebx
jnc 00007FDFBC8C8198h
inc cx
and edx, 8D4DF000h
wait
add al, dh
Programming Language:
  • [IMP] VS2008 SP1 build 30729
Data directories (Name; Virtual Address; Virtual Size; Is in Section):
IMAGE_DIRECTORY_ENTRY_EXPORT; 0x0; 0x0
IMAGE_DIRECTORY_ENTRY_IMPORT; 0x3f71c; 0x118; .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE; 0x45000; 0x18b0; .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION; 0x42000; 0x23a0; .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY; 0x0; 0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC; 0x47000; 0x4bc; .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG; 0x39700; 0x54; .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT; 0x0; 0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR; 0x0; 0x0
IMAGE_DIRECTORY_ENTRY_TLS; 0x39780; 0x28; .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG; 0x395c0; 0x140; .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT; 0x0; 0x0
IMAGE_DIRECTORY_ENTRY_IAT; 0x32000; 0x428; .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT; 0x0; 0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR; 0x0; 0x0
IMAGE_DIRECTORY_ENTRY_RESERVED; 0x0; 0x0
Sections (Name; Virtual Address; Virtual Size; Raw Size; MD5; Xored PE; ZLIB Complexity; File Type; Entropy; Characteristics):
.text; 0x1000; 0x30b2f; 0x30c00; 57e8aa82890cfdcbe764b423637aea03; False; 0.4995392628205128; data; 6.285967484787889; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata; 0x32000; 0xe622; 0xe800; ded99f843977934864a950024b4575fd; False; 0.3484307650862069; 370 XA sysV pure executable; 5.289124756054743; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data; 0x41000; 0x310; 0x200; 0986951de0dd3ab6f041638c54850010; False; 0.228515625; data; 1.6518190552773089; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata; 0x42000; 0x23a0; 0x2400; e4b52d43f1cf63b59b3eb05bf27421d5; False; 0.4940321180555556; data; 5.373019336555336; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc; 0x45000; 0x18b0; 0x1a00; 1c86f22f25022d87c713c84503e5e7fb; False; 0.8236177884615384; data; 7.040790659875909; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc; 0x47000; 0x4bc; 0x600; bcbca46df6e1a9d81082be75c10e9e02; False; 0.5481770833333334; data; 4.807697483412515; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Resources (Name; RVA; Size; Type; Language; Country; ZLIB Complexity):
RT_ICON; 0x45310; 0x1588; PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced; English; United States; 0.9299709724238027
RT_GROUP_ICON; 0x46898; 0x14; data; English; United States; 1.05
RT_VERSION; 0x450f0; 0x21c; data; English; United States; 0.4703703703703704
The .rsrc entropy of 7.04 in the section table comes from this already-compressed PNG icon, which fills almost the whole section; it is not a sign of packed code. The .text entropy of 6.29 is in the normal range for compiled code, consistent with the 0% dynamic/decrypted code coverage reported below.
Imports (DLL: functions):
SHELL32.dll: SHChangeNotify
api-ms-win-core-synch-l1-2-0.dll: WaitOnAddress, WakeByAddressAll, WakeByAddressSingle
bcryptprimitives.dll: ProcessPrng
KERNEL32.dll: GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsDebuggerPresent, InitializeSListHead, GetSystemTimeAsFileTime, GetCurrentThreadId, CloseHandle, GetConsoleWindow, FreeEnvironmentStringsW, CompareStringOrdinal, GetLastError, AddVectoredExceptionHandler, SetThreadStackGuarantee, GetCurrentThread, WaitForSingleObject, QueryPerformanceCounter, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, SetLastError, GetCurrentDirectoryW, GetEnvironmentStringsW, GetEnvironmentVariableW, SetFileInformationByHandle, GetCurrentProcess, DuplicateHandle, GetStdHandle, GetCurrentProcessId, SetHandleInformation, WriteFileEx, SleepEx, GetExitCodeProcess, GetProcessHeap, HeapFree, HeapReAlloc, lstrlenW, ReleaseMutex, CreateFileW, CreateEventW, GetOverlappedResult, MoveFileExW, ReadFile, CancelIo, GetModuleHandleW, FormatMessageW, GetModuleFileNameW, ExitProcess, CreateNamedPipeW, ReadFileEx, WaitForMultipleObjects, GetFullPathNameW, GetSystemDirectoryW, GetWindowsDirectoryW, CreateProcessW, GetFileAttributesW, GetConsoleMode, GetConsoleOutputCP, MultiByteToWideChar, WriteConsoleW, WideCharToMultiByte, CreateThread, IsProcessorFeaturePresent, GetProcAddress, HeapAlloc, WaitForSingleObjectEx, LoadLibraryA, CreateMutexA
USER32.dll: ShowWindow
ntdll.dll: RtlNtStatusToDosError, NtReadFile, NtWriteFile
WS2_32.dll: recv, send, WSASocketW, getaddrinfo, connect, WSAGetLastError, freeaddrinfo, WSACleanup, WSAStartup, closesocket
VCRUNTIME140.dll: __C_specific_handler, __current_exception_context, _CxxThrowException, memmove, memset, memcmp, __CxxFrameHandler3, memcpy, __current_exception
api-ms-win-crt-runtime-l1-1-0.dll: exit, _exit, _initterm_e, _initterm, _configure_narrow_argv, __p___argv, _cexit, _c_exit, _register_thread_local_exe_atexit_callback, _get_initial_narrow_environment, _set_app_type, _seh_filter_exe, _initialize_onexit_table, _register_onexit_function, _crt_atexit, terminate, __p___argc, _initialize_narrow_environment
api-ms-win-crt-math-l1-1-0.dll: __setusermatherr
api-ms-win-crt-stdio-l1-1-0.dll: _set_fmode, __p__commode
api-ms-win-crt-locale-l1-1-0.dll: _configthreadlocale
api-ms-win-crt-heap-l1-1-0.dll: free, _set_new_mode
Note on the import set: ProcessPrng from bcryptprimitives, WaitOnAddress and WakeByAddress* for locking, SetThreadStackGuarantee together with AddVectoredExceptionHandler, CompareStringOrdinal, and _CxxThrowException/__CxxFrameHandler3 with no MSVCP140 import are the characteristic footprint of a Rust standard-library binary built for the MSVC target, which also fits the cargo-style 0.1.0 product version. The "Programming Language: [IMP] VS2008 SP1 build 30729" line below is derived from the import table heuristic and should not be read as the source language. GetConsoleWindow with USER32 ShowWindow is consistent with a console-subsystem program hiding its own window; MoveFileExW, SetFileInformationByHandle and SHChangeNotify fit the rename-and-hide behaviour in the process tree; and getaddrinfo is imported but, per the network section, no DNS query was made, so the C2 address was supplied as a literal IP.
Version information (Description: Data):
FileDescription: Freelancer_Contract_Viewer
ProductVersion: 0.1.0
SubSystem: windows
FileVersion: 0.1.0
ProductName: Freelancer_Contract_Viewer
Translation: 0x0000 0x04b0
Language of compilation system: English; Country where language is spoken: United States


Network packets (Timestamp; Source Port; Dest Port; Source IP; Dest IP):
Apr 14, 2025 11:13:21.245634079 CEST; 49692; 4443; 192.168.2.8; 96.9.125.200
Apr 14, 2025 11:13:22.230652094 CEST; 49692; 4443; 192.168.2.8; 96.9.125.200
Apr 14, 2025 11:13:24.230693102 CEST; 49692; 4443; 192.168.2.8; 96.9.125.200
Apr 14, 2025 11:13:28.230592966 CEST; 49692; 4443; 192.168.2.8; 96.9.125.200
Apr 14, 2025 11:13:36.230555058 CEST; 49692; 4443; 192.168.2.8; 96.9.125.200
All five packets come from the same source port, are spaced about 1, 2, 4 and 8 seconds apart, and nothing is recorded in the reverse direction: this is one SYN retransmitted four times to a peer that never answered, consistent with the default Windows 10 connect behaviour of a 1 s initial RTO and four SYN retries. The connection never completed, so the sandbox captured no application-layer data from 96.9.125.200 and the C2 protocol itself remains unobserved.
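Reading that pattern out of a packet list is mechanical once the rows are grouped per connection. The following is an added example, not part of the Joe Sandbox report: it parses the five rows of the table above (reproduced in PACKET_LINES with the columns separated by spaces), groups packets by connection, and labels a run of one-directional packets with doubling gaps as unanswered connect retries. The tolerance on the doubling ratio and the verdict names are the author's choices, and the extra reply line used in the test is constructed to show the bidirectional case.

```python
"""Decide from a packet list whether a connection ever completed.

Added example, not from the Joe Sandbox report. PACKET_LINES reproduces the
report's network table; everything else is the author's logic.
"""
import re
from datetime import datetime

PACKET_LINES = """\
Apr 14, 2025 11:13:21.245634079 CEST 49692 4443 192.168.2.8 96.9.125.200
Apr 14, 2025 11:13:22.230652094 CEST 49692 4443 192.168.2.8 96.9.125.200
Apr 14, 2025 11:13:24.230693102 CEST 49692 4443 192.168.2.8 96.9.125.200
Apr 14, 2025 11:13:28.230592966 CEST 49692 4443 192.168.2.8 96.9.125.200
Apr 14, 2025 11:13:36.230555058 CEST 49692 4443 192.168.2.8 96.9.125.200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2}, \d{4} \d\d:\d\d:\d\d\.\d+) \w+ "
    r"(?P<sport>\d+) (?P<dport>\d+) (?P<src>\S+) (?P<dst>\S+)$")


def parse_timestamp(text):
    """The report prints nanoseconds; strptime's %f accepts at most six digits."""
    head, frac = text.rsplit(".", 1)
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_packets(text):
    """One dict per row: time, (src ip, src port), (dst ip, dst port)."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        packets.append({"t": parse_timestamp(m["ts"]),
                        "src": (m["src"], int(m["sport"])),
                        "dst": (m["dst"], int(m["dport"]))})
    return packets


def analyze_flows(packets, tolerance=0.25):
    """Group packets per connection and label each one.

    A run of client-to-server packets from one source port with nothing coming
    back and gaps that double each time is a SYN being retransmitted to a peer
    that never answered: connect() failed after the last retry.
    """
    flows = {}
    for p in sorted(packets, key=lambda p: p["t"]):
        key = tuple(sorted((p["src"], p["dst"])))        # direction-independent key
        flow = flows.setdefault(key, {"client": p["src"], "server": p["dst"],
                                      "forward": [], "reverse": []})
        (flow["forward"] if p["src"] == flow["client"] else flow["reverse"]).append(p["t"])

    report = {}
    for flow in flows.values():
        fwd, rev = flow["forward"], flow["reverse"]
        gaps = [(b - a).total_seconds() for a, b in zip(fwd, fwd[1:])]
        doubling = len(gaps) >= 2 and all(
            g1 > 0 and abs(g2 / g1 - 2.0) <= 2.0 * tolerance
            for g1, g2 in zip(gaps, gaps[1:]))
        if rev:
            verdict = "bidirectional"
        elif doubling:
            verdict = "unanswered_connect_retries"
        else:
            verdict = "one_way_only"
        name = "%s:%d -> %s:%d" % (*flow["client"], *flow["server"])
        report[name] = {
            "verdict": verdict,
            "attempts": len(fwd),
            "reply_packets": len(rev),
            "gaps_s": [round(g, 2) for g in gaps],
            "total_wait_s": round((fwd[-1] - fwd[0]).total_seconds(), 2) if fwd else 0.0,
        }
    return report


if __name__ == "__main__":
    for name, info in analyze_flows(parse_packets(PACKET_LINES)).items():
        print(name, info)
```

For this report the single flow comes back as unanswered_connect_retries with five attempts, no reply packets and a total wait of just under 15 seconds, which is the number to compare against the analysis timeout when judging whether a sandbox run gave the implant any chance to talk.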


Target ID:0
Start time:05:13:19
Start date:14/04/2025
Path:C:\Users\user\Desktop\lmtyweWwbU.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\lmtyweWwbU.exe"
Imagebase:0x7ff6d34d0000
File size:278'016 bytes
MD5 hash:D436E0B4A9AA7B9A6641EA93C4DBA8AE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:1
Start time:05:13:19
Start date:14/04/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6e60e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:05:13:19
Start date:14/04/2025
Path:C:\Windows\System32\attrib.exe
Wow64 process (32bit):false
Commandline:"attrib" +h +s C:\Users\user\Desktop\lmtyweWwbU.exe
Imagebase:0x7ff762130000
File size:23'040 bytes
MD5 hash:5037D8E6670EF1D89FB6AD435F12A9FD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:4
Start time:05:13:19
Start date:14/04/2025
Path:C:\Windows\System32\attrib.exe
Wow64 process (32bit):false
Commandline:"attrib" +h +s C:\Users\user\Desktop\SystemHelper.exe
Imagebase:0x7ff762130000
File size:23'040 bytes
MD5 hash:5037D8E6670EF1D89FB6AD435F12A9FD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:5
Start time:05:13:20
Start date:14/04/2025
Path:C:\Users\user\Desktop\SystemHelper.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\SystemHelper.exe"
Imagebase:0x7ff6d34d0000
File size:278'016 bytes
MD5 hash:D436E0B4A9AA7B9A6641EA93C4DBA8AE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:6
Start time:05:13:20
Start date:14/04/2025
Path:C:\Windows\System32\attrib.exe
Wow64 process (32bit):false
Commandline:"attrib" +h +s C:\Users\user\Desktop\SystemHelper.exe
Imagebase:0x7ff762130000
File size:23'040 bytes
MD5 hash:5037D8E6670EF1D89FB6AD435F12A9FD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Execution Graph

Execution Coverage: 3.7%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 11.2%
Total number of Nodes: 374
Total number of Limit Nodes: 8

(Graph rendering not reproduced in text. API calls named on the graph's nodes for lmtyweWwbU.exe: SetLastError, GetFullPathNameW, GetLastError, memmove, CreateFileW, SetFileInformationByHandle, CloseHandle, WaitOnAddress, WakeByAddressSingle, WakeByAddressAll.)
16219->16220 16221 7ff6d3501460 17 API calls 16220->16221 16222 7ff6d34dcc94 16220->16222 16221->16222 16222->16157 16224 7ff6d34e1560 WaitOnAddress GetLastError 16223->16224 16225 7ff6d34e3383 16224->16225 16226 7ff6d34e33bc 16225->16226 16227 7ff6d34e33d7 16225->16227 16229 7ff6d34e3422 16226->16229 16230 7ff6d34e33c5 16226->16230 16228 7ff6d34e3415 16227->16228 16231 7ff6d34e33ff 16227->16231 16232 7ff6d34e3520 17 API calls 16228->16232 16233 7ff6d34e3444 16229->16233 16234 7ff6d34e342e 16229->16234 16235 7ff6d34e3520 17 API calls 16230->16235 16236 7ff6d34e3520 17 API calls 16231->16236 16237 7ff6d34e33d5 16232->16237 16239 7ff6d34e3520 17 API calls 16233->16239 16238 7ff6d34e3520 17 API calls 16234->16238 16235->16237 16236->16237 16238->16237 16239->16237 16244 7ff6d3500ef9 16240->16244 16241 7ff6d3500f20 16241->16163 16242 7ff6d3500f4c WaitOnAddress 16243 7ff6d3500f69 GetLastError 16242->16243 16242->16244 16243->16244 16244->16241 16244->16242 16246 7ff6d35016b0 17 API calls 16245->16246 16247 7ff6d350178d 16246->16247 16249 7ff6d34f280d 16248->16249 16250 7ff6d34e4195 16249->16250 16251 7ff6d34e3010 17 API calls 16249->16251 16250->16185 16252 7ff6d34f28c2 16251->16252 16253 7ff6d3501838 17 API calls 16252->16253 16254 7ff6d34f28e3 16253->16254 16255 7ff6d35016b0 17 API calls 16254->16255 16256 7ff6d34f292c 16255->16256 16258 7ff6d34ff7c0 17 API calls 16257->16258 16259 7ff6d3501a7f 16258->16259 16261 7ff6d35016b0 17 API calls 16260->16261 16262 7ff6d3501a60 16261->16262 16275 7ff6d34ff830 16272->16275 16276 7ff6d35016b0 17 API calls 16275->16276 16277 7ff6d34ff89e 16276->16277 16278 7ff6d34eddd0 16281 7ff6d34ee880 GetStdHandle 16278->16281 16280 7ff6d34eddd7 16282 7ff6d34ee89e 16281->16282 16286 7ff6d34ee8b8 16281->16286 16283 7ff6d34ee934 GetCurrentProcess DuplicateHandle 16282->16283 16284 7ff6d34ee8a8 GetLastError 16282->16284 16285 7ff6d34ee97c GetLastError 16283->16285 16283->16286 16284->16286 16285->16286 16286->16280 16287 7ff6d34ffba0 16288 
7ff6d34ffbb9 16287->16288 16289 7ff6d34ffbc1 __scrt_acquire_startup_lock 16288->16289 16290 7ff6d34ffcf7 16288->16290 16292 7ff6d34ffd01 16289->16292 16293 7ff6d34ffbdf __scrt_release_startup_lock 16289->16293 16312 7ff6d3500124 IsProcessorFeaturePresent 16290->16312 16294 7ff6d3500124 9 API calls 16292->16294 16297 7ff6d34ffc04 16293->16297 16298 7ff6d34ffc8a _get_initial_narrow_environment __p___argv __p___argc 16293->16298 16301 7ff6d34ffc82 _register_thread_local_exe_atexit_callback 16293->16301 16295 7ff6d34ffd0c 16294->16295 16296 7ff6d34ffd14 _exit 16295->16296 16307 7ff6d34d33a0 16298->16307 16301->16298 16304 7ff6d34ffcb7 16305 7ff6d34ffcc1 16304->16305 16306 7ff6d34ffcbc _cexit 16304->16306 16305->16297 16306->16305 16318 7ff6d34dad20 AddVectoredExceptionHandler SetThreadStackGuarantee GetCurrentThread SetThreadDescription 16307->16318 16310 7ff6d3500274 GetModuleHandleW 16311 7ff6d34ffcb3 16310->16311 16311->16295 16311->16304 16313 7ff6d350014a 16312->16313 16314 7ff6d3500158 memset RtlCaptureContext RtlLookupFunctionEntry 16313->16314 16315 7ff6d3500192 RtlVirtualUnwind 16314->16315 16316 7ff6d35001ce memset IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16314->16316 16315->16316 16317 7ff6d350024e 16316->16317 16317->16292 16320 7ff6d34dad99 16318->16320 16323 7ff6d34dadb5 16318->16323 16319 7ff6d34dadf4 16330 7ff6d3500c60 16319->16330 16320->16319 16320->16323 16321 7ff6d34d33cc 16321->16310 16327 7ff6d34d1040 16323->16327 16325 7ff6d34daddc 16325->16321 16333 7ff6d3500fa0 16325->16333 16341 7ff6d34d1060 16327->16341 16331 7ff6d35016b0 17 API calls 16330->16331 16332 7ff6d3500c9c 16331->16332 16334 7ff6d3501094 16333->16334 16338 7ff6d3500fcd 16333->16338 16334->16334 16335 7ff6d350104e 16336 7ff6d3501082 16335->16336 16340 7ff6d350107c WakeByAddressAll 16335->16340 16336->16321 16337 7ff6d3501025 WaitOnAddress 16337->16338 16339 7ff6d3501042 GetLastError 16337->16339 16338->16335 16338->16336 16338->16337 16339->16338 
16340->16336 16344 7ff6d34d1ae0 GetConsoleWindow 16341->16344 16342 7ff6d34d104c 16342->16325 16345 7ff6d34d1b10 16344->16345 16441 7ff6d34dc2f0 16345->16441 16348 7ff6d34d28b2 16350 7ff6d35019e0 17 API calls 16348->16350 16349 7ff6d34d1b2f 16444 7ff6d34e04d0 16349->16444 16355 7ff6d34d28e8 16350->16355 16352 7ff6d34d1b59 16353 7ff6d34d1b62 16352->16353 16354 7ff6d34d28ed 16352->16354 16356 7ff6d34e0b80 18 API calls 16353->16356 16357 7ff6d3501690 17 API calls 16354->16357 16355->16342 16358 7ff6d34d1b84 16356->16358 16357->16355 16359 7ff6d34e7e20 18 API calls 16358->16359 16360 7ff6d34d1ba1 16359->16360 16361 7ff6d34d28fe 16360->16361 16362 7ff6d34d1bcc 16360->16362 16363 7ff6d3501690 17 API calls 16361->16363 16364 7ff6d34e7f30 18 API calls 16362->16364 16363->16355 16365 7ff6d34d1bf3 16364->16365 16366 7ff6d34e7f30 18 API calls 16365->16366 16367 7ff6d34d1c0c 16366->16367 16368 7ff6d34e7f30 18 API calls 16367->16368 16369 7ff6d34d1c1b 16368->16369 16370 7ff6d34e0e20 174 API calls 16369->16370 16373 7ff6d34d1c2e 16370->16373 16371 7ff6d34d17f0 20 API calls 16372 7ff6d34d1cfa 16371->16372 16374 7ff6d34e0c80 17 API calls 16372->16374 16373->16371 16375 7ff6d34d1d26 16374->16375 16376 7ff6d34e0c80 17 API calls 16375->16376 16378 7ff6d34d1d55 16376->16378 16377 7ff6d34d1d9d 16379 7ff6d34d3990 18 API calls 16377->16379 16378->16377 16382 7ff6d34d1dc0 memcmp 16378->16382 16380 7ff6d34d1f0b 16379->16380 16381 7ff6d34d290f 16380->16381 16385 7ff6d34d1f13 16380->16385 16383 7ff6d34d1000 38 API calls 16381->16383 16382->16377 16382->16385 16384 7ff6d34d2929 16383->16384 16387 7ff6d34d2942 16384->16387 16389 7ff6d34d1720 closesocket 16384->16389 16386 7ff6d34f9940 17 API calls 16385->16386 16388 7ff6d34d1fe1 16386->16388 16390 7ff6d34e7e20 18 API calls 16387->16390 16391 7ff6d34d3580 41 API calls 16388->16391 16389->16387 16395 7ff6d34d295f 16390->16395 16392 7ff6d34d2009 16391->16392 16393 7ff6d34d2020 memset 16392->16393 16394 7ff6d34d278b 16392->16394 16440 7ff6d34d2060 
16393->16440 16399 7ff6d34d2839 closesocket 16394->16399 16403 7ff6d34d27b8 16394->16403 16397 7ff6d34d2986 16395->16397 16398 7ff6d34d2997 16395->16398 16396 7ff6d34de250 recv WSAGetLastError 16396->16440 16400 7ff6d3501690 17 API calls 16397->16400 16401 7ff6d34d1130 18 API calls 16398->16401 16399->16403 16400->16355 16404 7ff6d34d29d9 16401->16404 16402 7ff6d34d2777 closesocket 16402->16394 16403->16342 16406 7ff6d34e0e20 174 API calls 16404->16406 16405 7ff6d34d285b 16409 7ff6d3501a80 17 API calls 16405->16409 16410 7ff6d34d29e9 16406->16410 16407 7ff6d34f9b00 19 API calls 16407->16440 16408 7ff6d34d26ee 16408->16402 16411 7ff6d34d286f 16409->16411 16413 7ff6d34d17f0 20 API calls 16410->16413 16411->16355 16412 7ff6d34e7e20 18 API calls 16412->16440 16414 7ff6d34d2a05 SHChangeNotify 16413->16414 16416 7ff6d34d1070 19 API calls 16414->16416 16415 7ff6d34e7f30 18 API calls 16415->16440 16417 7ff6d34d2a4e 16416->16417 16418 7ff6d34e0d90 138 API calls 16417->16418 16419 7ff6d34d2a5e 16418->16419 16420 7ff6d34d19b0 CloseHandle CloseHandle CloseHandle CloseHandle CloseHandle 16419->16420 16421 7ff6d34d2a6a 16420->16421 16423 7ff6d34d17f0 20 API calls 16421->16423 16422 7ff6d34e8050 CloseHandle 16422->16440 16424 7ff6d34d2a7a 16423->16424 16426 7ff6d34e12d0 ExitProcess WaitOnAddress GetLastError WakeByAddressAll 16424->16426 16425 7ff6d34e8090 CloseHandle 16425->16440 16426->16355 16427 7ff6d34e0e20 174 API calls 16427->16440 16428 7ff6d34d17f0 20 API calls 16428->16440 16429 7ff6d34d26b8 16432 7ff6d3500810 17 API calls 16429->16432 16430 7ff6d34d22f9 memmove 16430->16440 16431 7ff6d34dbac0 22 API calls 16431->16440 16433 7ff6d34d26c9 16432->16433 16437 7ff6d3500810 17 API calls 16433->16437 16434 7ff6d34d2874 16436 7ff6d35019e0 17 API calls 16434->16436 16435 7ff6d34d2384 memmove 16435->16440 16436->16411 16437->16408 16438 7ff6d34f9940 17 API calls 16438->16440 16439 7ff6d34d33e0 19 API calls 16439->16440 16440->16396 16440->16402 16440->16405 16440->16407 
16440->16408 16440->16412 16440->16415 16440->16422 16440->16425 16440->16427 16440->16428 16440->16429 16440->16430 16440->16431 16440->16433 16440->16434 16440->16435 16440->16438 16440->16439 16447 7ff6d34e6790 16441->16447 16443 7ff6d34d1b23 16443->16348 16443->16349 16472 7ff6d34f0d10 16444->16472 16448 7ff6d34e6850 16447->16448 16451 7ff6d34e681c 16447->16451 16448->16451 16449 7ff6d3500ad0 17 API calls 16449->16451 16450 7ff6d34e688a SetLastError GetModuleFileNameW 16450->16451 16452 7ff6d34e689d GetLastError 16450->16452 16451->16448 16451->16449 16451->16450 16454 7ff6d34e68d1 GetLastError 16451->16454 16456 7ff6d34e693e 16451->16456 16452->16451 16453 7ff6d34e69af GetLastError 16452->16453 16460 7ff6d34e695d 16453->16460 16454->16451 16455 7ff6d34e69f7 16454->16455 16457 7ff6d3501750 17 API calls 16455->16457 16458 7ff6d34e69e3 16456->16458 16459 7ff6d34e694e 16456->16459 16462 7ff6d34e69f5 16457->16462 16461 7ff6d3501a80 17 API calls 16458->16461 16464 7ff6d34de2b0 16459->16464 16460->16443 16461->16462 16462->16443 16465 7ff6d34de300 16464->16465 16468 7ff6d34de2d9 16464->16468 16466 7ff6d35015f3 17 API calls 16465->16466 16467 7ff6d34de43c 16466->16467 16467->16460 16468->16465 16470 7ff6d34de305 16468->16470 16469 7ff6d34de404 16469->16460 16470->16469 16471 7ff6d34e2540 17 API calls 16470->16471 16471->16470 16473 7ff6d34f0d26 16472->16473 16474 7ff6d34f0fa3 16473->16474 16476 7ff6d3501a80 17 API calls 16473->16476 16479 7ff6d34f0eab 16473->16479 16480 7ff6d34e04f7 16473->16480 16475 7ff6d3501a70 17 API calls 16474->16475 16474->16480 16475->16479 16476->16474 16477 7ff6d3501a70 17 API calls 16478 7ff6d34f119d 16477->16478 16479->16477 16479->16480 16481 7ff6d34edf08 16482 7ff6d34edf1d 16481->16482 16483 7ff6d34edf41 CloseHandle 16482->16483 16484 7ff6d34edf54 16482->16484 16483->16484

Executed Functions

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: EnvironmentStrings$ErrorFreeLast
  • String ID: +h+s$.exeprogram not found$PATHlibrary\std\src\sys_common\process.rs$\?\\$]?\\$assertion failed: is_code_point_boundary(self, new_len)$assertion failed: self.height > 0$exe\\.\NUL
  • API String ID: 2773867918-936566986
  • Opcode ID: 74e60ae3f312558d97e96cd270dbf014c8830b4e3e7a1ca416577275b99136a3
  • Instruction ID: 9bbcdca6a4a6b63a0c84e11fb8fe1232b45321facb6ab804dc19caa738ff1d8e
  • Opcode Fuzzy Hash: 74e60ae3f312558d97e96cd270dbf014c8830b4e3e7a1ca416577275b99136a3
  • Instruction Fuzzy Hash: D2836A62A19BD188EB70CF25D8563EEA7A0FB45789F005136CA4DEBB99DF7D9250C300

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 1050 7ff6d34d1ae0-7ff6d34d1b0e GetConsoleWindow 1051 7ff6d34d1b10-7ff6d34d1b15 call 7ff6d34ffab6 1050->1051 1052 7ff6d34d1b1a-7ff6d34d1b29 call 7ff6d34dc2f0 1050->1052 1051->1052 1056 7ff6d34d28b2-7ff6d34d28e8 call 7ff6d35019e0 1052->1056 1057 7ff6d34d1b2f-7ff6d34d1b5c call 7ff6d34f0980 call 7ff6d34e04d0 1052->1057 1063 7ff6d34d2a88-7ff6d34d2ab6 1056->1063 1067 7ff6d34d1b62-7ff6d34d1bc6 call 7ff6d34e0b80 call 7ff6d34e7e20 call 7ff6d34f0980 call 7ff6d34dc310 1057->1067 1068 7ff6d34d28ed-7ff6d34d28f9 call 7ff6d3501690 1057->1068 1065 7ff6d34d2aca-7ff6d34d2adb 1063->1065 1066 7ff6d34d2ab8-7ff6d34d2ac5 call 7ff6d34d3b90 1063->1066 1066->1065 1080 7ff6d34d28fe-7ff6d34d290a call 7ff6d3501690 1067->1080 1081 7ff6d34d1bcc-7ff6d34d1c3b call 7ff6d34e7f30 * 3 call 7ff6d34e0e20 1067->1081 1068->1063 1080->1063 1092 7ff6d34d1c3d-7ff6d34d1c4c 1081->1092 1093 7ff6d34d1cb8 1081->1093 1094 7ff6d34d1c52-7ff6d34d1c79 1092->1094 1095 7ff6d34d1cea-7ff6d34d1d66 call 7ff6d34d17f0 call 7ff6d34f0980 call 7ff6d34e0c80 call 7ff6d34f0980 call 7ff6d34e0c80 1092->1095 1096 7ff6d34d1cba-7ff6d34d1cc7 call 7ff6d34d3b90 1093->1096 1097 7ff6d34d1ccc-7ff6d34d1cd6 1093->1097 1100 7ff6d34d1c84-7ff6d34d1c99 1094->1100 1101 7ff6d34d1c7b 1094->1101 1117 7ff6d34d1dde-7ff6d34d1dee 1095->1117 1118 7ff6d34d1d68-7ff6d34d1d75 1095->1118 1096->1097 1097->1095 1098 7ff6d34d1cd8-7ff6d34d1cdf 1097->1098 1103 7ff6d34d1ce5 call 7ff6d34d3b90 1098->1103 1105 7ff6d34d1ca4-7ff6d34d1cb6 1100->1105 1106 7ff6d34d1c9b-7ff6d34d1c9f call 7ff6d34d3b90 1100->1106 1101->1100 1103->1095 1105->1103 1106->1105 1119 7ff6d34d1df0-7ff6d34d1e13 1117->1119 1120 7ff6d34d1e1a-7ff6d34d1e85 1117->1120 1118->1117 1121 7ff6d34d1d77-7ff6d34d1d7e 1118->1121 1119->1120 1123 7ff6d34d1eb1-7ff6d34d1f0d call 7ff6d34d3990 1120->1123 1124 7ff6d34d1e87-7ff6d34d1eaa 1120->1124 1121->1117 1122 7ff6d34d1d80-7ff6d34d1d87 1121->1122 1122->1117 1125 7ff6d34d1d89-7ff6d34d1d92 1122->1125 1130 7ff6d34d1f13-7ff6d34d1f1d 1123->1130 1131 
7ff6d34d290f-7ff6d34d2930 call 7ff6d34d1000 1123->1131 1124->1123 1127 7ff6d34d1d94-7ff6d34d1d9b 1125->1127 1128 7ff6d34d1d9f-7ff6d34d1da9 1125->1128 1132 7ff6d34d1dc0-7ff6d34d1dd8 memcmp 1127->1132 1133 7ff6d34d1d9d 1127->1133 1134 7ff6d34d1db1-7ff6d34d1dbe 1128->1134 1135 7ff6d34d1dab-7ff6d34d1dad 1128->1135 1136 7ff6d34d1f1f-7ff6d34d1f2c call 7ff6d34d3b90 1130->1136 1137 7ff6d34d1f31-7ff6d34d1f3b 1130->1137 1146 7ff6d34d2942-7ff6d34d2984 call 7ff6d34e7e20 call 7ff6d34f0980 call 7ff6d34dc310 1131->1146 1147 7ff6d34d2932-7ff6d34d293d call 7ff6d34d1720 1131->1147 1132->1117 1132->1130 1133->1117 1134->1117 1134->1132 1135->1132 1138 7ff6d34d1daf 1135->1138 1136->1137 1141 7ff6d34d1f4f-7ff6d34d201a call 7ff6d34f9940 call 7ff6d34d3580 1137->1141 1142 7ff6d34d1f3d-7ff6d34d1f4a call 7ff6d34d3b90 1137->1142 1138->1117 1156 7ff6d34d2020-7ff6d34d2052 memset 1141->1156 1157 7ff6d34d278b-7ff6d34d2795 1141->1157 1142->1141 1167 7ff6d34d2986-7ff6d34d2992 call 7ff6d3501690 1146->1167 1168 7ff6d34d2997-7ff6d34d2a83 call 7ff6d34d1130 call 7ff6d34e0e20 call 7ff6d34d1a40 call 7ff6d34d17f0 SHChangeNotify call 7ff6d34d1070 call 7ff6d34e0d90 call 7ff6d34d19b0 call 7ff6d34d17f0 call 7ff6d34e12d0 1146->1168 1147->1146 1161 7ff6d34d2060-7ff6d34d2077 call 7ff6d34de250 1156->1161 1159 7ff6d34d27af-7ff6d34d27b6 1157->1159 1160 7ff6d34d2797-7ff6d34d27ac call 7ff6d34d3b90 1157->1160 1164 7ff6d34d2834-7ff6d34d2837 1159->1164 1165 7ff6d34d27b8-7ff6d34d27c7 1159->1165 1160->1159 1178 7ff6d34d2701-7ff6d34d270a 1161->1178 1179 7ff6d34d207d-7ff6d34d2080 1161->1179 1169 7ff6d34d2846-7ff6d34d285a 1164->1169 1170 7ff6d34d2839-7ff6d34d2840 closesocket 1164->1170 1165->1169 1172 7ff6d34d27c9-7ff6d34d27f0 1165->1172 1167->1063 1168->1063 1170->1169 1176 7ff6d34d27f2 1172->1176 1177 7ff6d34d27fb-7ff6d34d2810 1172->1177 1176->1177 1182 7ff6d34d2812-7ff6d34d2816 call 7ff6d34d3b90 1177->1182 1183 7ff6d34d281b-7ff6d34d2832 call 7ff6d34d3b90 1177->1183 1181 7ff6d34d2777-7ff6d34d2784 closesocket 1178->1181 
1186 7ff6d34d270c-7ff6d34d2735 1178->1186 1180 7ff6d34d2086-7ff6d34d208d 1179->1180 1179->1181 1189 7ff6d34d2093-7ff6d34d2150 call 7ff6d34f9b00 call 7ff6d34e7e20 call 7ff6d34e7f30 * 3 call 7ff6d34e8050 call 7ff6d34e8090 call 7ff6d34e0e20 call 7ff6d34d17f0 1180->1189 1190 7ff6d34d285b-7ff6d34d286f call 7ff6d3501a80 1180->1190 1181->1157 1182->1183 1183->1169 1187 7ff6d34d2740-7ff6d34d2755 1186->1187 1188 7ff6d34d2737 1186->1188 1195 7ff6d34d2760-7ff6d34d2772 call 7ff6d34d3b90 1187->1195 1196 7ff6d34d2757-7ff6d34d275b call 7ff6d34d3b90 1187->1196 1188->1187 1233 7ff6d34d2270-7ff6d34d22f3 call 7ff6d34f9b00 1189->1233 1234 7ff6d34d2156-7ff6d34d21f7 call 7ff6d34f9940 1189->1234 1190->1063 1195->1181 1196->1195 1239 7ff6d34d26b8-7ff6d34d26d0 call 7ff6d3500810 1233->1239 1240 7ff6d34d22f9-7ff6d34d2333 memmove 1233->1240 1241 7ff6d34d242f-7ff6d34d243e call 7ff6d34dbac0 1234->1241 1242 7ff6d34d21fd-7ff6d34d2224 1234->1242 1263 7ff6d34d26dc-7ff6d34d26f5 call 7ff6d3500810 1239->1263 1243 7ff6d34d2343-7ff6d34d237e call 7ff6d34f9b00 1240->1243 1244 7ff6d34d2335-7ff6d34d233e call 7ff6d34d3b90 1240->1244 1255 7ff6d34d2874-7ff6d34d28ad call 7ff6d35019e0 1241->1255 1256 7ff6d34d2444-7ff6d34d24e8 call 7ff6d34f0980 call 7ff6d34f9940 1241->1256 1247 7ff6d34d222f-7ff6d34d2244 1242->1247 1248 7ff6d34d2226 1242->1248 1262 7ff6d34d2384-7ff6d34d23b8 memmove 1243->1262 1243->1263 1244->1243 1253 7ff6d34d224f-7ff6d34d2261 1247->1253 1254 7ff6d34d2246-7ff6d34d224a call 7ff6d34d3b90 1247->1254 1248->1247 1259 7ff6d34d242a call 7ff6d34d3b90 1253->1259 1254->1253 1255->1063 1278 7ff6d34d24ea-7ff6d34d24f7 call 7ff6d34d3b90 1256->1278 1279 7ff6d34d24fc-7ff6d34d25c1 call 7ff6d34f9940 call 7ff6d34d33e0 1256->1279 1259->1241 1266 7ff6d34d23ba-7ff6d34d23c3 call 7ff6d34d3b90 1262->1266 1267 7ff6d34d23c8-7ff6d34d23ea 1262->1267 1263->1178 1266->1267 1272 7ff6d34d2401-7ff6d34d241b 1267->1272 1273 7ff6d34d23ec-7ff6d34d23fc call 7ff6d34d3b90 1267->1273 1272->1241 1277 7ff6d34d241d-7ff6d34d2423 1272->1277 
1273->1272 1277->1259 1278->1279 1285 7ff6d34d25c3-7ff6d34d25ec 1279->1285 1286 7ff6d34d262e-7ff6d34d2638 1279->1286 1287 7ff6d34d25ee 1285->1287 1288 7ff6d34d25f7-7ff6d34d260c 1285->1288 1289 7ff6d34d263a-7ff6d34d2647 call 7ff6d34d3b90 1286->1289 1290 7ff6d34d264c-7ff6d34d2656 1286->1290 1287->1288 1291 7ff6d34d260e-7ff6d34d2612 call 7ff6d34d3b90 1288->1291 1292 7ff6d34d2617-7ff6d34d2629 call 7ff6d34d3b90 1288->1292 1289->1290 1294 7ff6d34d266a-7ff6d34d2674 1290->1294 1295 7ff6d34d2658-7ff6d34d2665 call 7ff6d34d3b90 1290->1295 1291->1292 1292->1286 1299 7ff6d34d2676-7ff6d34d2683 call 7ff6d34d3b90 1294->1299 1300 7ff6d34d2688-7ff6d34d2695 1294->1300 1295->1294 1299->1300 1300->1161 1302 7ff6d34d269b 1300->1302 1302->1161 1303 7ff6d34d26a1-7ff6d34d26b3 call 7ff6d34d3b90 1302->1303 1303->1161
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ConsoleWindowmemcmpmemset
  • String ID: 96.9.125.200:$SystemHelper.exeattrib+h+s$called `Result::unwrap()` on an `Err` valuesrc\main.rs$powershell-NoProfile-CommandFailed:
  • API String ID: 229161744-4265087233
  • Opcode ID: c8c1d68abef6f3159179bfb79c8e54515be5a4b3739bac9073881af563461858
  • Instruction ID: a7a0c4f54c37fe5537cab4124160f091f09254b860346886837305271b1deaf5
  • Opcode Fuzzy Hash: c8c1d68abef6f3159179bfb79c8e54515be5a4b3739bac9073881af563461858
  • Instruction Fuzzy Hash: AD924C66604AC588EB708F21EC523ED63A1FB8578CF444036CE4CEBB9ADF399265C740

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 1306 7ff6d34e0e20-7ff6d34e0e72 call 7ff6d34e80d0 1309 7ff6d34e1068-7ff6d34e1079 1306->1309 1310 7ff6d34e0e78-7ff6d34e0ea7 1306->1310 1311 7ff6d34e1099-7ff6d34e10af 1309->1311 1312 7ff6d34e0eaf-7ff6d34e0eff 1310->1312 1313 7ff6d34e0ea9 CloseHandle 1310->1313 1314 7ff6d34e0f5e-7ff6d34e0f60 1312->1314 1315 7ff6d34e0f01-7ff6d34e0f07 1312->1315 1313->1312 1316 7ff6d34e0f62-7ff6d34e0f79 call 7ff6d34e59f0 1314->1316 1317 7ff6d34e0fb4-7ff6d34e0fc4 WaitForSingleObject 1314->1317 1318 7ff6d34e0f8e-7ff6d34e0fa5 call 7ff6d34e59f0 1315->1318 1319 7ff6d34e0f0d-7ff6d34e0f1b call 7ff6d34e7680 1315->1319 1336 7ff6d34e0f7f-7ff6d34e0f8c CloseHandle 1316->1336 1337 7ff6d34e10b0-7ff6d34e10dc call 7ff6d35019e0 1316->1337 1322 7ff6d34e1012-7ff6d34e1028 GetExitCodeProcess 1317->1322 1323 7ff6d34e0fc6-7ff6d34e0fd5 GetLastError 1317->1323 1338 7ff6d34e10de-7ff6d34e1105 call 7ff6d35019e0 1318->1338 1339 7ff6d34e0fab-7ff6d34e0fae CloseHandle 1318->1339 1325 7ff6d34e0f20-7ff6d34e0f27 1319->1325 1322->1323 1326 7ff6d34e102a-7ff6d34e1045 1322->1326 1329 7ff6d34e0fd7-7ff6d34e0fe1 call 7ff6d34d3b90 1323->1329 1330 7ff6d34e0fe6-7ff6d34e0ff1 1323->1330 1325->1317 1332 7ff6d34e0f2d-7ff6d34e0f59 call 7ff6d35019e0 1325->1332 1335 7ff6d34e1049-7ff6d34e1063 CloseHandle * 2 1326->1335 1329->1330 1333 7ff6d34e0ff3-7ff6d34e0ffd call 7ff6d34d3b90 1330->1333 1334 7ff6d34e1002-7ff6d34e1010 1330->1334 1346 7ff6d34e110a-7ff6d34e1147 CloseHandle 1332->1346 1333->1334 1334->1335 1343 7ff6d34e1065 1335->1343 1344 7ff6d34e107b-7ff6d34e1096 1335->1344 1336->1317 1337->1346 1338->1346 1339->1317 1343->1309 1344->1311
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: CloseHandle$CodeEnvironmentErrorExitLastObjectProcessSingleStringsWait
  • String ID: +h+s$called `Result::unwrap()` on an `Err` value
  • API String ID: 2735310334-1599662052
  • Opcode ID: 4d4f5c242cc3d4af45188a03a80120aefa6abb48eb4bbdade81a95a872c2f4c3
  • Instruction ID: 520bbdff145bf22eed2c1e1527e82f5b29cbacf174551d66d213e568dafdf610
  • Opcode Fuzzy Hash: 4d4f5c242cc3d4af45188a03a80120aefa6abb48eb4bbdade81a95a872c2f4c3
  • Instruction Fuzzy Hash: 48912A36A04B8699EB10CF62E8413EDB760FB4479CF144136EE5DA3A98DF79E1A5C340

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 1349 7ff6d34d1000-7ff6d34e5446 call 7ff6d34f0980 * 2 call 7ff6d34ef560 1357 7ff6d34e555d-7ff6d34e5570 1349->1357 1358 7ff6d34e544c-7ff6d34e547a call 7ff6d34f11a0 1349->1358 1361 7ff6d34e5484-7ff6d34e54a9 call 7ff6d34ef560 1358->1361 1362 7ff6d34e547c-7ff6d34e547f 1358->1362 1365 7ff6d34e54de-7ff6d34e54e2 1361->1365 1366 7ff6d34e54ab-7ff6d34e54d9 call 7ff6d34f11a0 1361->1366 1362->1357 1368 7ff6d34e54e6-7ff6d34e54e9 1365->1368 1371 7ff6d34e54db 1366->1371 1372 7ff6d34e5507-7ff6d34e5527 MoveFileExW 1366->1372 1368->1357 1370 7ff6d34e54eb-7ff6d34e5505 call 7ff6d34d3b90 1368->1370 1370->1357 1371->1365 1375 7ff6d34e5571-7ff6d34e557a GetLastError 1372->1375 1376 7ff6d34e5529-7ff6d34e552c 1372->1376 1377 7ff6d34e55f3-7ff6d34e55fb 1375->1377 1378 7ff6d34e557c-7ff6d34e55c1 call 7ff6d34e5210 1375->1378 1379 7ff6d34e5542-7ff6d34e5545 1376->1379 1380 7ff6d34e552e-7ff6d34e553d call 7ff6d34d3b90 1376->1380 1384 7ff6d34e572d-7ff6d34e5730 1377->1384 1389 7ff6d34e55c3-7ff6d34e55ee call 7ff6d34d56f0 1378->1389 1390 7ff6d34e5600-7ff6d34e560f 1378->1390 1381 7ff6d34e555b 1379->1381 1382 7ff6d34e5547-7ff6d34e5556 call 7ff6d34d3b90 1379->1382 1380->1379 1381->1357 1382->1381 1384->1368 1388 7ff6d34e5736-7ff6d34e5750 call 7ff6d34d3b90 1384->1388 1388->1368 1389->1384 1393 7ff6d34e5615-7ff6d34e5633 call 7ff6d34fef30 1390->1393 1394 7ff6d34e56db-7ff6d34e56e5 1390->1394 1400 7ff6d34e5755-7ff6d34e57a1 call 7ff6d35019e0 1393->1400 1401 7ff6d34e5639-7ff6d34e5660 call 7ff6d34d3b80 1393->1401 1396 7ff6d34e5721-7ff6d34e572a CloseHandle 1394->1396 1396->1384 1406 7ff6d34e57a3-7ff6d34e57b4 call 7ff6d34d3b90 1400->1406 1407 7ff6d34e57b9-7ff6d34e57ca 1400->1407 1408 7ff6d34e56e7-7ff6d34e56f5 1401->1408 1409 7ff6d34e5666-7ff6d34e56be memmove SetFileInformationByHandle call 7ff6d34d3b90 1401->1409 1406->1407 1408->1396 1413 7ff6d34e56c0-7ff6d34e56d0 CloseHandle 1409->1413 1414 7ff6d34e56f7-7ff6d34e571e GetLastError 1409->1414 1413->1380 1415 7ff6d34e56d6 1413->1415 1414->1396 
1415->1379
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ErrorFileLastMove
  • String ID: called `Result::unwrap()` on an `Err` value
  • API String ID: 55378915-2333694755
  • Opcode ID: a8617a16626a3037c86329d4917c2494ec6af09127abfceec438aa53081fcd60
  • Instruction ID: 172180813b3611acfdef6a2acaabb2d6ed4ecc1cedc4fa84364e7b0f96d10655
  • Opcode Fuzzy Hash: a8617a16626a3037c86329d4917c2494ec6af09127abfceec438aa53081fcd60
  • Instruction Fuzzy Hash: B8A1DF66B04B5585EB10CF62E9423ADA7A1BB48BE8F044532ED5DFBB89DF3CD1618340

Control-flow Graph

APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: __p___argc__p___argv__scrt_acquire_startup_lock__scrt_release_startup_lock_cexit_exit_get_initial_narrow_environment_register_thread_local_exe_atexit_callback
  • String ID:
  • API String ID: 1133592946-0
  • Opcode ID: 90eaca60c96de90c4d48f7279ca6165ddfdf825a69647cdd433849f946516a16
  • Instruction ID: 557112cf6e3a8f0141ac68216658d5bafed0dd968b0674633ac8d98deb2625b5
  • Opcode Fuzzy Hash: 90eaca60c96de90c4d48f7279ca6165ddfdf825a69647cdd433849f946516a16
  • Instruction Fuzzy Hash: 89315222A0C59B42FA50AB26D4133BDD391AF85788F484137EA4EE72D7DF2DE425C750

Control-flow Graph

  • Executed
  • Not Executed
control_flow_graph 1467 7ff6d34e7680-7ff6d34e76c9 call 7ff6d34e79d0 1470 7ff6d34e76cb-7ff6d34e76d5 CloseHandle 1467->1470 1471 7ff6d34e76da-7ff6d34e770e call 7ff6d34e79d0 1467->1471 1472 7ff6d34e78f6-7ff6d34e790c 1470->1472 1475 7ff6d34e7714-7ff6d34e775a 1471->1475 1476 7ff6d34e78e9-7ff6d34e78f1 call 7ff6d34d5ba0 1471->1476 1478 7ff6d34e7760-7ff6d34e7777 WaitForMultipleObjects 1475->1478 1476->1472 1479 7ff6d34e77c0-7ff6d34e77c7 1478->1479 1480 7ff6d34e7779-7ff6d34e777b 1478->1480 1481 7ff6d34e7895-7ff6d34e789b call 7ff6d34e7af0 1479->1481 1482 7ff6d34e77cd-7ff6d34e77d0 1479->1482 1483 7ff6d34e78cf-7ff6d34e78d5 GetLastError 1480->1483 1484 7ff6d34e7781-7ff6d34e7788 1480->1484 1497 7ff6d34e78a0-7ff6d34e78a4 1481->1497 1486 7ff6d34e77d2-7ff6d34e77d6 1482->1486 1487 7ff6d34e77db-7ff6d34e77f8 GetOverlappedResult 1482->1487 1485 7ff6d34e78d8-7ff6d34e78dc 1483->1485 1489 7ff6d34e781f-7ff6d34e7825 call 7ff6d34e7af0 1484->1489 1490 7ff6d34e778e-7ff6d34e7791 1484->1490 1493 7ff6d34e78e0-7ff6d34e78e4 call 7ff6d34d5ba0 1485->1493 1494 7ff6d34e7880-7ff6d34e7893 1486->1494 1495 7ff6d34e785e-7ff6d34e7867 GetLastError 1487->1495 1496 7ff6d34e77fa-7ff6d34e77fd 1487->1496 1508 7ff6d34e782a-7ff6d34e782e 1489->1508 1491 7ff6d34e7793-7ff6d34e77b0 GetOverlappedResult 1490->1491 1492 7ff6d34e7802 1490->1492 1499 7ff6d34e7843-7ff6d34e784c GetLastError 1491->1499 1500 7ff6d34e77b6-7ff6d34e77b9 1491->1500 1505 7ff6d34e7806-7ff6d34e7819 1492->1505 1493->1476 1494->1481 1504 7ff6d34e78b0-7ff6d34e78b9 call 7ff6d34e7c10 1494->1504 1501 7ff6d34e787d-7ff6d34e787f 1495->1501 1502 7ff6d34e7869-7ff6d34e7875 1495->1502 1496->1494 1506 7ff6d34e78bb-7ff6d34e78bf 1497->1506 1507 7ff6d34e78a6-7ff6d34e78aa 1497->1507 1513 7ff6d34e784e-7ff6d34e785a 1499->1513 1514 7ff6d34e7879-7ff6d34e787b 1499->1514 1500->1505 1501->1494 1502->1494 1509 7ff6d34e7877 1502->1509 1519 7ff6d34e78ca-7ff6d34e78cd 1504->1519 1505->1489 1510 7ff6d34e78c1-7ff6d34e78c5 call 7ff6d34e7c10 1505->1510 1506->1493 1507->1478 1507->1504 
1508->1506 1512 7ff6d34e7834-7ff6d34e7838 1508->1512 1509->1485 1510->1519 1512->1478 1518 7ff6d34e783e 1512->1518 1513->1505 1516 7ff6d34e785c 1513->1516 1514->1505 1516->1485 1518->1510 1519->1493
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: CloseCreateEventHandleMultipleObjectsOverlappedResultWait
  • String ID:
  • API String ID: 67592891-0
  • Opcode ID: 0a8052104270a8ad8137e5a62fd41aed2110fa1fef0e1f62bf8bf560bc9cdfa4
  • Instruction ID: 33a857d81ee7c649eacdbb8fcb6e94787824e18c9915003a3d5a7e5e27742bbd
  • Opcode Fuzzy Hash: 0a8052104270a8ad8137e5a62fd41aed2110fa1fef0e1f62bf8bf560bc9cdfa4
  • Instruction Fuzzy Hash: C6713F22E0879589FB10CB65DC423AD6BA0BB147A8F108936DE0DF6B99DF7CD5A4C350

Control-flow Graph

control_flow_graph 1520 7ff6d34e5210-7ff6d34e522c 1521 7ff6d34e5235-7ff6d34e5238 1520->1521 1522 7ff6d34e522e-7ff6d34e5231 1520->1522 1523 7ff6d34e5272-7ff6d34e5285 1521->1523 1524 7ff6d34e523a-7ff6d34e523e 1521->1524 1522->1524 1525 7ff6d34e5233 1522->1525 1528 7ff6d34e528b-7ff6d34e528f 1523->1528 1529 7ff6d34e53c6-7ff6d34e53cd 1523->1529 1526 7ff6d34e5240-7ff6d34e5244 1524->1526 1527 7ff6d34e524a-7ff6d34e5252 1524->1527 1525->1527 1526->1527 1530 7ff6d34e53b7-7ff6d34e53bc 1526->1530 1531 7ff6d34e5254-7ff6d34e525b 1527->1531 1532 7ff6d34e525f-7ff6d34e5261 1527->1532 1528->1529 1533 7ff6d34e5295-7ff6d34e5299 1528->1533 1530->1529 1534 7ff6d34e5263 1531->1534 1535 7ff6d34e525d 1531->1535 1532->1534 1536 7ff6d34e52a0-7ff6d34e52ae 1532->1536 1533->1527 1537 7ff6d34e529b 1533->1537 1538 7ff6d34e5268-7ff6d34e526b 1534->1538 1535->1538 1539 7ff6d34e52b0-7ff6d34e52b4 1536->1539 1540 7ff6d34e526d-7ff6d34e5270 1536->1540 1537->1529 1538->1539 1538->1540 1542 7ff6d34e52d0-7ff6d34e52d3 1539->1542 1543 7ff6d34e52b6-7ff6d34e52ce 1539->1543 1541 7ff6d34e52ef-7ff6d34e5327 CreateFileW 1540->1541 1546 7ff6d34e53a0-7ff6d34e53b5 GetLastError 1541->1546 1547 7ff6d34e5329-7ff6d34e5332 1541->1547 1544 7ff6d34e52d5-7ff6d34e52dd 1542->1544 1545 7ff6d34e52e1-7ff6d34e52e4 1542->1545 1543->1541 1548 7ff6d34e52df 1544->1548 1549 7ff6d34e52ea 1544->1549 1545->1530 1545->1549 1546->1529 1547->1529 1550 7ff6d34e5338-7ff6d34e533b 1547->1550 1548->1541 1549->1541 1550->1529 1551 7ff6d34e5341-7ff6d34e534f GetLastError 1550->1551 1552 7ff6d34e5351-7ff6d34e5373 SetFileInformationByHandle 1551->1552 1553 7ff6d34e5399-7ff6d34e539e 1551->1553 1552->1553 1554 7ff6d34e5375-7ff6d34e5397 SetFileInformationByHandle 1552->1554 1553->1529 1554->1553 1555 7ff6d34e53ce-7ff6d34e53ef GetLastError CloseHandle 1554->1555 1555->1529
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ErrorFileHandleLast$Information$CloseCreate
  • String ID:
  • API String ID: 807093259-0
  • Opcode ID: 6d234da3b22784b09a0a0a0c0ad7ced8d87911eb9a247c201e6f4122e4485eaf
  • Instruction ID: 29883b99bcb8205db361e14a206e3b28405355a8c72583616f07d4e764ec95f9
  • Opcode Fuzzy Hash: 6d234da3b22784b09a0a0a0c0ad7ced8d87911eb9a247c201e6f4122e4485eaf
  • Instruction Fuzzy Hash: 4551E161F0C39283F7718721A50677EE6A19B54794F1441B2CA8EF3AC5CFACE8A5C710

Control-flow Graph

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: Thread$CurrentDescriptionExceptionGuaranteeHandlerStackVectored
  • String ID: main
  • API String ID: 3663057573-3207122276
  • Opcode ID: 33833b6c031e308096934f59b8d0a09351507286b2fd2f6400ff40e5924aa52a
  • Instruction ID: 35b50c73bc575ceee7bb0b51c25c8b8212faaf0a7a41584aa69cd65ac1172fd1
  • Opcode Fuzzy Hash: 33833b6c031e308096934f59b8d0a09351507286b2fd2f6400ff40e5924aa52a
  • Instruction Fuzzy Hash: C6416F35B05A8A85EB50CF56E8912BDB361BB88BA9F444233C91DE37A4DF3CD565C300

Control-flow Graph

APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ErrorHandleLast$CurrentDuplicateProcess
  • String ID:
  • API String ID: 3697983210-0
  • Opcode ID: 5b7cff6705c8bfd35229831c3ec50f34cefd192835895f072371284ca78f0f57
  • Instruction ID: 5427474ab28407675684c86c69e53462bba65f8f311c6c908031d47017bafb6f
  • Opcode Fuzzy Hash: 5b7cff6705c8bfd35229831c3ec50f34cefd192835895f072371284ca78f0f57
  • Instruction Fuzzy Hash: 11316131B18B0585FB508B62D4563BE67A1BB84BA4F14863ACEADE77C4CF3DD0958710

Control-flow Graph

APIs
  • GetFileAttributesW.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,+h+s,?,?), ref: 00007FF6D34EDCEA
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: AttributesFile
  • String ID: +h+s
  • API String ID: 3188754299-2949623892
  • Opcode ID: 66e2604e2c0477ed7538994ef2a187748ebe69c79d80b5ea9034998717c53cd2
  • Instruction ID: dad542e0e508abe35fc6a70c5b33fe472bda0fe0cb1be4e908694f0003c0ab0b
  • Opcode Fuzzy Hash: 66e2604e2c0477ed7538994ef2a187748ebe69c79d80b5ea9034998717c53cd2
  • Instruction Fuzzy Hash: 05313D32B06B5588EB10CF65E8513ACA7B4BB45BA8F144536CE5DE7B95DF3CD0618310

Control-flow Graph

control_flow_graph 1614 7ff6d34e7c10-7ff6d34e7c38 1615 7ff6d34e7c40-7ff6d34e7c46 1614->1615 1616 7ff6d34e7c98-7ff6d34e7ca7 call 7ff6d34e7af0 1615->1616 1617 7ff6d34e7c48-7ff6d34e7c4b 1615->1617 1628 7ff6d34e7cc9 1616->1628 1629 7ff6d34e7ca9-7ff6d34e7cad 1616->1629 1618 7ff6d34e7c80 1617->1618 1619 7ff6d34e7c4d-7ff6d34e7c6a GetOverlappedResult 1617->1619 1623 7ff6d34e7c84-7ff6d34e7c96 1618->1623 1621 7ff6d34e7cb1-7ff6d34e7cb7 GetLastError 1619->1621 1622 7ff6d34e7c6c-7ff6d34e7c6f 1619->1622 1625 7ff6d34e7cc5-7ff6d34e7cc7 1621->1625 1626 7ff6d34e7cb9-7ff6d34e7cc1 1621->1626 1622->1623 1623->1616 1627 7ff6d34e7ccd-7ff6d34e7cdc 1623->1627 1625->1623 1626->1623 1630 7ff6d34e7cc3-7ff6d34e7ce8 1626->1630 1628->1627 1629->1615 1631 7ff6d34e7caf 1629->1631 1630->1627 1631->1627
APIs
  • GetOverlappedResult.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFE,?,?), ref: 00007FF6D34E7C65
  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFE,?,?), ref: 00007FF6D34E7CB1
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ErrorLastOverlappedResult
  • String ID:
  • API String ID: 185562886-0
  • Opcode ID: fd14382938965edaa474283f7af42ccaa5c6d18af4ec9f8d2be760deeb5437d6
  • Instruction ID: 5d4174ba516dd54902495fde5197d983ea4861d2b5bedd561bc3867dfd50a73c
  • Opcode Fuzzy Hash: fd14382938965edaa474283f7af42ccaa5c6d18af4ec9f8d2be760deeb5437d6
  • Instruction Fuzzy Hash: 72213E22B087A695FB24CB62995137DAE64BB487A8F148477CE0DF7784DE2CE5A18300

Control-flow Graph

control_flow_graph 1633 7ff6d34e6a70-7ff6d34e6a7a ExitProcess
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ExitProcess
  • String ID:
  • API String ID: 621844428-0
  • Opcode ID: bb589b8c88dd0f620da579cd0f5e27c13e32509cb0d3174da0de9347dfbd15c3
  • Instruction ID: 68db0d2fa83080d3c144527135c2127e0e516bb16fbe558be2ea4d1e37b1b910
  • Opcode Fuzzy Hash: bb589b8c88dd0f620da579cd0f5e27c13e32509cb0d3174da0de9347dfbd15c3
  • Instruction Fuzzy Hash: D3A01221524C88C9E2306731D8090589334B758305F840021C18C004208E1CD1558600

Control-flow Graph

control_flow_graph 1650 7ff6d34edf08-7ff6d34edf18 call 7ff6d34e6a90 1652 7ff6d34edf1d-7ff6d34edf2b 1650->1652 1653 7ff6d34edf31-7ff6d34edf3f 1652->1653 1654 7ff6d34ee028-7ff6d34ee030 1652->1654 1655 7ff6d34edf54-7ff6d34edf61 1653->1655 1656 7ff6d34edf41-7ff6d34edf51 CloseHandle 1653->1656 1657 7ff6d34ee437-7ff6d34ee442 1654->1657 1655->1657 1656->1655
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: CloseHandle
  • String ID:
  • API String ID: 2962429428-0
  • Opcode ID: 04c7abc5097deba932cc329b0e9186fb76f2ac2c722cd1b49e24ee1f39766a37
  • Instruction ID: 5b7c2f8e1ff58e35cf72144b0cc5993eb8f3291832b4927033ebec5574902690
  • Opcode Fuzzy Hash: 04c7abc5097deba932cc329b0e9186fb76f2ac2c722cd1b49e24ee1f39766a37
  • Instruction Fuzzy Hash: 2BF06D32A0478145EB218F25E9413AEA291AB44FE8F48C031CE4CEB7C5CE3DA5D9C300

Non-executed Functions

APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: AddressProc$CurrentProcess$Mutex$CloseCreateHandleLibraryLoadObjectReleaseSingleWaitlstrlenmemset
  • String ID: EnumerateLoadedModulesW64$SymGetOptions$SymGetSearchPathW$SymInitializeW$SymSetOptions$SymSetSearchPathW$assertion failed: len >= 0$dbghelp.dll
  • API String ID: 18767598-310313858
  • Opcode ID: 87b5e29da37547dccb3cdd2ebccb8dd45b43f35e05e89978e6d4aeecae1f1e85
  • Instruction ID: e8dd43f836acc71ca75b63af2d5b4580f01f62bff371fc22f3ab3733788a5364
  • Opcode Fuzzy Hash: 87b5e29da37547dccb3cdd2ebccb8dd45b43f35e05e89978e6d4aeecae1f1e85
  • Instruction Fuzzy Hash: 05E19C21B09A5686FB108F22E8467BDA3A0BF48798F084536DE5DE7794EF3DE164C304
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ErrorLast$FullNamePath
  • String ID: \\?\$\\?\UNC\
  • API String ID: 2482867836-3019864461
  • Opcode ID: 856ddbaa7b32748b50f2c5b152b3a88fdb34e88d613bef07fa1273d73f1255e9
  • Instruction ID: 719e2fb0bd84b8ffba7782b1238b921ef1ff136aeda435c50155006f563c7f1d
  • Opcode Fuzzy Hash: 856ddbaa7b32748b50f2c5b152b3a88fdb34e88d613bef07fa1273d73f1255e9
  • Instruction Fuzzy Hash: C602C262A0868685EB708F55D4063BDA3A5FB04B98F088537DE5DEBB94DF3CD6A5C300
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
  • String ID:
  • API String ID: 313767242-0
  • Opcode ID: 6a807dc3b2c72e8a44790306001abe4d407ffcd024ff4738d933d91dcd268949
  • Instruction ID: 92c37bc80a642362eb65aae20080da69f0ee5b979f1c0c149e162a96fec86ef3
  • Opcode Fuzzy Hash: 6a807dc3b2c72e8a44790306001abe4d407ffcd024ff4738d933d91dcd268949
  • Instruction Fuzzy Hash: DF319E72608B8586EB608F62E8513EDB361FB84749F44403ADB4E97B98EF3DC258C700
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ErrorFormatHandleLastMessageModulememset
  • String ID: NTDLL.DLL
  • API String ID: 1434010500-1613819793
  • Opcode ID: 063ffaf93443631f2d478b7fbd1cdf2bd3c27428606a271180fe0f9e02669633
  • Instruction ID: df85d4d0c66ed10e0544a4f37a2c77ae5cb5ded15f9aa4c1777550270cb9d3e7
  • Opcode Fuzzy Hash: 063ffaf93443631f2d478b7fbd1cdf2bd3c27428606a271180fe0f9e02669633
  • Instruction Fuzzy Hash: 13A19C36A09BC284E736CF21D8057FCA6A0BB453A4F44413ACA9DE6B95DF7C96A5D300
APIs
Strings
  • __rust_end_short_backtrace__rust_begin_short_backtraces [... omitted frame ...], xrefs: 00007FF6D34FD0A1
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: memcmp
  • String ID: __rust_end_short_backtrace__rust_begin_short_backtraces [... omitted frame ...]
  • API String ID: 1475443563-1231577002
  • Opcode ID: 5ebb8ceb033c0d7217db66242564321363cf5d67930480026b8f8ca6b474d52c
  • Instruction ID: 34769d6b34c299a2ec91fca5782f6a74d7127dcccd8641233a9bcd9eda6c76f0
  • Opcode Fuzzy Hash: 5ebb8ceb033c0d7217db66242564321363cf5d67930480026b8f8ca6b474d52c
  • Instruction Fuzzy Hash: 19322662E0869685FB118B65A402AFCA751BB557E8F844733EE8EF3689DF3CD155C300
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
  • String ID:
  • API String ID: 2933794660-0
  • Opcode ID: a48d8addc7e316d515ad7bb4e0af664b66e390c9a172f2212fe5bf00532013a0
  • Instruction ID: 2f13763c1e7ffb340ef645bbe226b57113bfc692a5a0032e8b2bd6cd91ad83c8
  • Opcode Fuzzy Hash: a48d8addc7e316d515ad7bb4e0af664b66e390c9a172f2212fe5bf00532013a0
  • Instruction Fuzzy Hash: 0E111826B14B058AEB00CF61E8562AC73A4FB19799F440E32DA6D967A4DF78D168C740
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: FileObjectReadSingleWait
  • String ID:
  • API String ID: 631497895-0
  • Opcode ID: 48df2269a7b53f8d124459123b759143cf34784917d3122b594ae08f15cc44eb
  • Instruction ID: feb44e28b61568f736b0a488e000a7b1599edd382bdfe121cc83231efe0fa710
  • Opcode Fuzzy Hash: 48df2269a7b53f8d124459123b759143cf34784917d3122b594ae08f15cc44eb
  • Instruction Fuzzy Hash: B3818522B05B9589EB10CF25D5552AD6360FB087A8F544A72EE2DF77C4DF3CE4A58300
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ErrorFileObjectSingleStatusWaitWrite
  • String ID:
  • API String ID: 3447438843-0
  • Opcode ID: 38994e9378a27918e7d61546cfcb851761bb9edc0d43296c3d0e46e79b72fbaf
  • Instruction ID: 11411d10e577fdd9bf4a4100cbf139aed538454b9f44dfddce5575a3a37a392a
  • Opcode Fuzzy Hash: 38994e9378a27918e7d61546cfcb851761bb9edc0d43296c3d0e46e79b72fbaf
  • Instruction Fuzzy Hash: 50317C32A14B818AE710CF35E8413AD77A4FB48358F548232EA8DD2B98EF3CD1A5C700
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: memcmp
  • String ID: .llvm./rust/deps\rustc-demangle-0.1.24\src\lib.rs$__ZN$`fmt::Error`s should be impossible without a `fmt::Formatter`
  • API String ID: 1475443563-898947652
  • Opcode ID: 27c76308de8fedce15fa74c3de40ad259249838babb7568c5eaacadce3183ecc
  • Instruction ID: b5e1ceb32b6ca1fce1a5900f89a02b115c0170b11cbcbc7296604dbcec3ce9c0
  • Opcode Fuzzy Hash: 27c76308de8fedce15fa74c3de40ad259249838babb7568c5eaacadce3183ecc
  • Instruction Fuzzy Hash: 62625762E0C5A245F7A58B2198063BDAB61BB15798F484233DE6EFB6C4DF3CD964C300
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ErrorFileObjectReadSingleStatusWait
  • String ID:
  • API String ID: 3583596364-0
  • Opcode ID: 8cb1b2950b0192ba39fac8278ab127f5d4e47bfa13269cca44aac9028c51aecc
  • Instruction ID: cfa686a670216c428b2d8fcfb5aadd45b819dfd883bf949ad6f3d19362928c87
  • Opcode Fuzzy Hash: 8cb1b2950b0192ba39fac8278ab127f5d4e47bfa13269cca44aac9028c51aecc
  • Instruction Fuzzy Hash: 7B31A332A14B818AE750CF74E8457ED73A5EB48358F548231EA4ED2B98EF3CD1A5C300
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ErrorLastrecv
  • String ID:
  • API String ID: 2514157807-0
  • Opcode ID: f30d5b90075e076290a39d6d358aa374eafe5a83ad31bc2260e3979ec8f12219
  • Instruction ID: 747a131c5c2628134ee0c2948a899d3f264635680d10cb3985ab7cc84fff735d
  • Opcode Fuzzy Hash: f30d5b90075e076290a39d6d358aa374eafe5a83ad31bc2260e3979ec8f12219
  • Instruction Fuzzy Hash: 7DF0E521B0854686FB3402B6A45A33E9282AB89779FA84331C87EDA7D0DF1C95E14300
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: memcmp
  • String ID:
  • API String ID: 1475443563-0
  • Opcode ID: befc191b3607c03911a2eeedab1f5b74f69f50d8bf05d76a9f7b34d0e9db0df4
  • Instruction ID: b7257f13941d4265c0b5c4454c4f0a27cbced69a7e672cf6105767da31cef6e1
  • Opcode Fuzzy Hash: befc191b3607c03911a2eeedab1f5b74f69f50d8bf05d76a9f7b34d0e9db0df4
  • Instruction Fuzzy Hash: 25C14B22B1C6A542FA54CB228815BBFA751B700B95F8C9532DE4EE3BC0DF3DE5A59300
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: memmove
  • String ID:
  • API String ID: 2162964266-0
  • Opcode ID: 09ead8ae22a9f678e0afcd436b8ed1b13d25ecab2a4b6423cc19afc710c4effe
  • Instruction ID: e303dd34f01857f66ef93f118d7a1252f5faf5ece143dad577afdee8849348e6
  • Opcode Fuzzy Hash: 09ead8ae22a9f678e0afcd436b8ed1b13d25ecab2a4b6423cc19afc710c4effe
  • Instruction Fuzzy Hash: EAA1ED22F19A5585FB50CB22E8067BDA7A0BF85788F448636DE1DA7B84DF3CE595C300
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: memmove
  • String ID:
  • API String ID: 2162964266-0
  • Opcode ID: bfdd58eceb348985c70949a203d559a279bccd114a88580ee092d6670aabbd74
  • Instruction ID: 7f7f7eb26d81df497ce0b2ef970191465708aac589c424c8108c9dfb2b9cf972
  • Opcode Fuzzy Hash: bfdd58eceb348985c70949a203d559a279bccd114a88580ee092d6670aabbd74
  • Instruction Fuzzy Hash: 1A712222B0664699FF148A66D8023FDB760BB44798F484937DE5DA77C6DE3CD2A1C320
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID:
  • String ID: 0123456789abcdefBorrowMutErroralready borrowed:
  • API String ID: 0-1320686809
  • Opcode ID: cff3b81a152a68af3c11e422c6747823cd71d391286798a0cd8d004250de175f
  • Instruction ID: 481e9091fe14f01684b9b266e2ae76a04f9a828297ac693fad995a2f7a582a84
  • Opcode Fuzzy Hash: cff3b81a152a68af3c11e422c6747823cd71d391286798a0cd8d004250de175f
  • Instruction Fuzzy Hash: 39515F63B196F09EF33187785401EAC7FA19B11B48F098095CFD86BF96CA1AC129E761
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID:
  • String ID: 0123456789abcdef
  • API String ID: 0-1757737011
Similarity
  • API ID: HeapProcess
  • String ID:
  • API String ID: 54951025-0
Similarity
  • API ID: memmove
  • String ID: assertion failed: old_left_len >= count$assertion failed: old_right_len + count <= CAPACITY
  • API String ID: 2162964266-1889375005
APIs
  • GetCurrentProcess.KERNEL32(?,?,?,?,?,00000001,00000000,?,00007FF6D34F21D9), ref: 00007FF6D34F2388
  • GetProcAddress.KERNEL32(?,?,?,?,00000001,00000000,?,00007FF6D34F21D9), ref: 00007FF6D34F23C0
  • GetProcAddress.KERNEL32(?,?,?,?,00000001,00000000,?,00007FF6D34F21D9), ref: 00007FF6D34F23FA
  • GetProcAddress.KERNEL32(?,?,?,?,00000001,00000000,?,00007FF6D34F21D9), ref: 00007FF6D34F2460
  • GetProcAddress.KERNEL32(?,?,?,?,00000001,00000000,?,00007FF6D34F21D9), ref: 00007FF6D34F2493
  • memset.VCRUNTIME140(?,?,?,?,00000001,00000000,?,00007FF6D34F21D9), ref: 00007FF6D34F25B0
Similarity
  • API ID: AddressProc$CurrentProcessmemset
  • String ID: SymAddrIncludeInlineTrace$SymFromInlineContextW$SymGetLineFromInlineContextW$SymQueryInlineTrace
  • API String ID: 3017635649-3384281969
Similarity
  • API ID: memmove
  • String ID: assertion failed: new_left_len <= CAPACITY
  • API String ID: 2162964266-3316943531
Similarity
  • API ID: Handle$CloseErrorLast$CreateCurrentDuplicateProcessThread
  • String ID: RUST_MIN_STACKfatal runtime error: something here is badly broken!$failed to spawn thread
  • API String ID: 4152547513-2688294036
Strings
  • stack backtrace:, xrefs: 00007FF6D34E174B
  • note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.__rust_end_short_backtrace__rust_begin_short_backtraces [... omitted frame ...], xrefs: 00007FF6D34E1A80
Similarity
  • API ID: ErrorLast$CaptureContextCurrentDirectoryEntryFunctionLookupmemset
  • String ID: note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.__rust_end_short_backtrace__rust_begin_short_backtraces [... omitted frame ...]$stack backtrace:
  • API String ID: 3347127084-3486849450
Strings
  • assertion failed: old_left_len + count <= CAPACITY, xrefs: 00007FF6D34D8EA2
  • assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}, xrefs: 00007FF6D34D9CBC, 00007FF6D34D9CD6
Similarity
  • API ID: memmove
  • String ID: assertion failed: match track_edge_idx { LeftOrRight::Left(idx) => idx <= old_left_len, LeftOrRight::Right(idx) => idx <= right_len,}$assertion failed: old_left_len + count <= CAPACITY
  • API String ID: 2162964266-77976654
Similarity
  • API ID: ErrorLast$FullNamePathmemcmpmemmove
  • String ID:
  • API String ID: 2319842497-0
APIs
  • freeaddrinfo.WS2_32(?,?,?,?,?,?,?,?,00000002,?,?,00000001,?,?,00007FF6D34DE19A), ref: 00007FF6D34DDDA4
Similarity
  • API ID: freeaddrinfo
  • String ID: $assertion failed: len >= mem::size_of::<c::sockaddr_in6>()$assertion failed: len >= mem::size_of::<c::sockaddr_in>()library\std\src\sys\net\connection\socket.rs
  • API String ID: 2731292433-1984122431
Similarity
  • API ID: ConsoleHandle$CloseErrorLastModeOutput
  • String ID: called `Result::unwrap()` on an `Err` value
  • API String ID: 841666474-2333694755
Similarity
  • API ID: ErrorLast$Socket$HandleInformationclosesocket
  • String ID:
  • API String ID: 3114377017-0
Similarity
  • API ID: ErrorLast$FullNamePathmemmove
  • String ID:
  • API String ID: 2429493883-0
APIs
  • memset.VCRUNTIME140 ref: 00007FF6D34E1F87
    • Part of subcall function 00007FF6D34E7460: ReadFileEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6D34D48E0), ref: 00007FF6D34E74B7
    • Part of subcall function 00007FF6D34E7460: SleepEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6D34D48E0), ref: 00007FF6D34E74DA
  • WriteFileEx.KERNEL32 ref: 00007FF6D34E203F
  • SleepEx.KERNEL32 ref: 00007FF6D34E205A
  • GetLastError.KERNEL32 ref: 00007FF6D34E2089
  • CloseHandle.KERNEL32 ref: 00007FF6D34E2127
  • CloseHandle.KERNEL32 ref: 00007FF6D34E212C
Similarity
  • API ID: CloseFileHandleSleep$ErrorLastReadWritememset
  • String ID:
  • API String ID: 78123985-0
Similarity
  • API ID: ErrorLast$EnvironmentVariable
  • String ID:
  • API String ID: 2691138088-0
Similarity
  • API ID: ErrorLast$FileModuleName
  • String ID:
  • API String ID: 1026760046-0
Similarity
  • API ID: ErrorLast$CurrentDirectory
  • String ID:
  • API String ID: 3993060814-0
Similarity
  • API ID: ErrorLast$CloseDirectoryHandleSystem
  • String ID:
  • API String ID: 1105796624-0
  • Opcode ID: 379ce094e4b3d41bf789cee7a1156aa1ac7ec0f8a2113625f357eecd4ddc35bb
  • Instruction ID: 0ac148eaf9b6f6bd1e8a8d373b33d49cd5635a8ec448265d3cb2b71b548f452d
  • Opcode Fuzzy Hash: 379ce094e4b3d41bf789cee7a1156aa1ac7ec0f8a2113625f357eecd4ddc35bb
  • Instruction Fuzzy Hash: 9C817922A14B9585EB708F25EC553EEA3A0FB44B99F445036CA0EEBBD8DF3D9651C300
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ConsoleErrorLastWrite$ByteCharMultiWide
  • String ID:
  • API String ID: 1956605914-0
  • Opcode ID: 8cc9ad3dd247b0712cdc626823cb013f669e4188b96b897174f53f20c94ee3c9
  • Instruction ID: a566274d672e148795d671163f38e6041feb62bdb6a70a34bed835fae27359f4
  • Opcode Fuzzy Hash: 8cc9ad3dd247b0712cdc626823cb013f669e4188b96b897174f53f20c94ee3c9
  • Instruction Fuzzy Hash: E051AC22A0869685E7208B65D8463FEA251BB047D8F484632ED4EF7AD8DF3D96A58340
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ErrorLastclosesocketconnect
  • String ID: +h+s
  • API String ID: 1542918720-2949623892
  • Opcode ID: ab9fde687e3e598cc117a40da9ddbc42c744ea24dc851e7e8a6286f687b7e008
  • Instruction ID: dabec3e3065deb3c6b451927616d4ddda324cb3cd9797c5d5c0006313dc4457c
  • Opcode Fuzzy Hash: ab9fde687e3e598cc117a40da9ddbc42c744ea24dc851e7e8a6286f687b7e008
  • Instruction Fuzzy Hash: 7521D761F0864686F7518B6286062BDA361AF847D4F188136CE4DE7B94EF6CA9B1C740
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: AddressHandleModuleProc
  • String ID: SetThreadDescription$kernel32
  • API String ID: 1646373207-1950310818
  • Opcode ID: f35343e957d81f29b0cfe5f80b3b9b94f5bef8ac7c641135711ed7b0e7c6ecbd
  • Instruction ID: b58ff11666eeab9259dd1ae26419a629ed96248d24a8e4578c6c4fc58d56d724
  • Opcode Fuzzy Hash: f35343e957d81f29b0cfe5f80b3b9b94f5bef8ac7c641135711ed7b0e7c6ecbd
  • Instruction Fuzzy Hash: B6F08914F09B49D5FA158B82EC461F8A360AF48BD5F494037CD0EA3750EE3CE568C310
APIs
Strings
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: lstrlenmemcmpmemmove
  • String ID: called `Result::unwrap()` on an `Err` value
  • API String ID: 3068774867-2333694755
  • Opcode ID: 097221d359f9ae9315f7db0d346ba9872c946f03235e5fa8b5dfcddd1df57c6f
  • Instruction ID: 1c48351cd97b4a8f33b5d68ad41da0fa47310c4dfc35b68a0da95aafec931242
  • Opcode Fuzzy Hash: 097221d359f9ae9315f7db0d346ba9872c946f03235e5fa8b5dfcddd1df57c6f
  • Instruction Fuzzy Hash: 0851B752A0874581EA10DB62A8022BEA760FB45BB8F544733DE6DF37D4DF7CE5618340
APIs
  • CancelIo.KERNEL32(?,?,?,?,?,?,00000000,?,00007FF6D34D5BBD,?,?,?,00000000,?,00007FF6D34E78F6), ref: 00007FF6D34E7D18
  • GetOverlappedResult.KERNEL32(?,?,?,?,?,?,00000000,?,00007FF6D34D5BBD,?,?,?,00000000,?,00007FF6D34E78F6), ref: 00007FF6D34E7D3A
  • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,00007FF6D34D5BBD,?,?,?,00000000,?,00007FF6D34E78F6), ref: 00007FF6D34E7D58
  • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,?,00007FF6D34D5BBD,?,?,?,00000000,?,00007FF6D34E78F6), ref: 00007FF6D34E7DB4
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ErrorLast$CancelOverlappedResult
  • String ID:
  • API String ID: 3836860830-0
  • Opcode ID: 0d6a3f8a805c6b89bebaa39ccf015ecf48fa0361ce349d1ec8789ad1fc8d0611
  • Instruction ID: 04869e269cfca16e3cf9b186f901c65951bab4cddd4f759e86bbc193d7acbc33
  • Opcode Fuzzy Hash: 0d6a3f8a805c6b89bebaa39ccf015ecf48fa0361ce349d1ec8789ad1fc8d0611
  • Instruction Fuzzy Hash: 50318132A04B4186E7108F62E8017BDA7A0FB847A4F188536CE5CE3794CF3DE991C340
APIs
  • CreateEventW.KERNEL32(?,?,?,?,00000000,00000001,?,00007FF6D34E76BD), ref: 00007FF6D34E7A00
  • GetLastError.KERNEL32(?,?,?,?,00000000,00000001,?,00007FF6D34E76BD), ref: 00007FF6D34E7A5D
  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000001,?,00007FF6D34E76BD), ref: 00007FF6D34E7ACE
  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000001,?,00007FF6D34E76BD), ref: 00007FF6D34E7AD4
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: CloseHandle$CreateErrorEventLast
  • String ID:
  • API String ID: 3743700123-0
  • Opcode ID: 41b0fc3f326c798697f9e71773b707d7e1c60f22c00989ee746eebeaed7e9687
  • Instruction ID: f9714d2146a0428806f93800ce4d051b7a06f96b8ceb839644a34fec7041853b
  • Opcode Fuzzy Hash: 41b0fc3f326c798697f9e71773b707d7e1c60f22c00989ee746eebeaed7e9687
  • Instruction Fuzzy Hash: 4E218C33A04B4086E7218F22B85136DAA64EB887A4F188236DF9D537D0EF3D95E6C340
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: ErrorLast$DirectorySystem
  • String ID:
  • API String ID: 860285823-0
  • Opcode ID: 6d0cdf0a28aadf5b0df58b8e6606ab2ae181b47ca8618a7ffee0bb89751b144a
  • Instruction ID: cb86a1b10b74f15319c84334034130be59468ad74eb713237e6036f16fd8a8a1
  • Opcode Fuzzy Hash: 6d0cdf0a28aadf5b0df58b8e6606ab2ae181b47ca8618a7ffee0bb89751b144a
  • Instruction Fuzzy Hash: A331C422A08B6245F7748F3699563BDA291BF04BA9F140137D91EF66D8EF2DA550C300
APIs
Strings
  • __rust_end_short_backtrace__rust_begin_short_backtraces [... omitted frame ...], xrefs: 00007FF6D34E1E62
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: Startupmemset
  • String ID: __rust_end_short_backtrace__rust_begin_short_backtraces [... omitted frame ...]
  • API String ID: 1873301828-1231577002
  • Opcode ID: b0eddce7fe33bb42552e16108e32812b5c359ef9b265ea7aa9d1c09704aac092
  • Instruction ID: 155af55626eb65bb101b05e2b1b53cc22e96459ac83cbe91603521468a890db5
  • Opcode Fuzzy Hash: b0eddce7fe33bb42552e16108e32812b5c359ef9b265ea7aa9d1c09704aac092
  • Instruction Fuzzy Hash: 46B12822A08B8599E721CF65D8413EC77A0FB45798F448126DF8DA7B99DF3DE2A5C300
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: Heap$Process$Freememmove
  • String ID:
  • API String ID: 1907206786-0
  • Opcode ID: 3e12bfa78147047b6efd51ccb68fe556bd34640b66029a57a27eb93a1c74438f
  • Instruction ID: 4e09c1021014992031cbbe9bd70ec3bc378eae976b64f39e08add3330d5f840d
  • Opcode Fuzzy Hash: 3e12bfa78147047b6efd51ccb68fe556bd34640b66029a57a27eb93a1c74438f
  • Instruction Fuzzy Hash: 2801F923B49AA941F906DB93AD060AD87466B88FF8F4D8432CE4DA3741DD3CD1E78300
APIs
Memory Dump Source
  • Source File: 00000000.00000002.901662895.00007FF6D34D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF6D34D0000, based on PE: true
  • Associated: 00000000.00000002.901640051.00007FF6D34D0000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901735216.00007FF6D3502000.00000002.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901780143.00007FF6D3511000.00000004.00000001.01000000.00000006.sdmp
  • Associated: 00000000.00000002.901826256.00007FF6D3512000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
  • Snapshot File: hcaresult_0_2_7ff6d34d0000_lmtyweWwbU.jbxd
Similarity
  • API ID: CloseHandle
  • String ID:
  • API String ID: 2962429428-0
  • Opcode ID: 53028f9988b41fbe304bb245313824de683c7cf9cf1e9230ab237fb7c421fb4f
  • Instruction ID: 5b682125860a4d0b2c16b00763ef3433ad12fa980fbcf089b8215bed6ef4257c
  • Opcode Fuzzy Hash: 53028f9988b41fbe304bb245313824de683c7cf9cf1e9230ab237fb7c421fb4f
  • Instruction Fuzzy Hash: 50011E23B0954582E6758B17F95136DA224EB947E6F445132DF4E96A90DF3CE8D6C300