Analysis Report SearchIndexer.exe

Overview

General Information

Sample Name: SearchIndexer.exe
Analysis ID: 364394
MD5: 2ed1055a1ae02de09730550c1a1abbbd
SHA1: 42871f98dc93635013808b762a6157ddf770226a
SHA256: adb64ebd3e30421457e2908995a524885e194182e4deae5b137ccad2d2a05aa3
Detection

Xmrig
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Xmrig cryptocurrency miner
Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)
Found strings related to Crypto-Mining
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
PE file contains strange resources
Program does not show much activity (idle)
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • SearchIndexer.exe (PID: 5884 cmdline: 'C:\Users\user\Desktop\SearchIndexer.exe' MD5: 2ED1055A1AE02DE09730550C1A1ABBBD)
    • conhost.exe (PID: 2432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp
Rule: JoeSecurity_Xmrig
Description: Yara detected Xmrig cryptocurrency miner
Author: Joe Security

Source: Process Memory Space: SearchIndexer.exe PID: 5884
Rule: CoinMiner_Strings
Description: Detects mining pool protocol string in Executable
Author: Florian Roth
Strings:
  • 0x5da1:$s1: stratum+tcp://
  • 0x32c92:$s1: stratum+tcp://
  • 0x32dff:$s1: stratum+tcp://

Source: Process Memory Space: SearchIndexer.exe PID: 5884
Rule: JoeSecurity_Xmrig
Description: Yara detected Xmrig cryptocurrency miner
Author: Joe Security

Unpacked PEs

Source: 0.2.SearchIndexer.exe.7ff60c670000.0.unpack
Rule: MAL_XMR_Miner_May19_1
Description: Detects Monero Crypto Coin Miner
Author: Florian Roth
Strings:
  • 0xdc479:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
  • 0xdbdf8:$s1: [%s] login error code: %d

Source: 0.2.SearchIndexer.exe.7ff60c670000.0.unpack
Rule: JoeSecurity_Xmrig
Description: Yara detected Xmrig cryptocurrency miner
Author: Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: SearchIndexer.exe, Avira: detected
Multi AV Scanner detection for submitted file
Source: SearchIndexer.exe, Virustotal: Detection: 57%
Source: SearchIndexer.exe, Metadefender: Detection: 16%
Source: SearchIndexer.exe, ReversingLabs: Detection: 75%

Bitcoin Miner:

Yara detected Xmrig cryptocurrency miner
Source: Yara match, File source: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: SearchIndexer.exe PID: 5884, type: MEMORY
Source: Yara match, File source: 0.2.SearchIndexer.exe.7ff60c670000.0.unpack, type: UNPACKEDPE
Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)
Source: C:\Users\user\Desktop\SearchIndexer.exe, Code function: 0_2_00007FF60C6E9BA0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,0_2_00007FF60C6E9BA0
Found strings related to Crypto-Mining
Source: SearchIndexer.exe, String found in binary or memory: stratum+tcp://
Source: SearchIndexer.exe, String found in binary or memory: { "algo": "cryptonight-upx/2", "api": { "port": 0, "access-token": null, "worker-id": null, "ipv6": false, "restricted": true },
Source: SearchIndexer.exe, String found in binary or memory: stratum+tcp://

Compliance:

Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: SearchIndexer.exe, Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: C:\Users\user\Desktop\SearchIndexer.exe, Code function: 0_2_00007FF60C6E38C7 GetFileAttributesW,FindFirstFileW,GetLastError,GetLastError,0_2_00007FF60C6E38C7
Source: C:\Users\user\Desktop\SearchIndexer.exe, Code function: 0_2_00007FF60C73A2F0 FindFirstFileW,0_2_00007FF60C73A2F0
Source: C:\Users\user\Desktop\SearchIndexer.exe, Code function: 0_2_00007FF60C73A4A8 RtlAllocateHeap,GetTimeZoneInformation,FindFirstFileExW,0_2_00007FF60C73A4A8
Source: C:\Users\user\Desktop\SearchIndexer.exe, Code function: 0_2_00007FF60C6E4FC0 WSARecv,GetLastError,WSAGetLastError,WSAGetLastError,WSAGetLastError,RegisterWaitForSingleObject,GetLastError,GetLastError,GetLastError,0_2_00007FF60C6E4FC0

System Summary:

Malicious sample detected (through community Yara rule)
Source: 0.2.SearchIndexer.exe.7ff60c670000.0.unpack, type: UNPACKEDPE, Matched rule: Detects Monero Crypto Coin Miner, Author: Florian Roth
Source: C:\Users\user\Desktop\SearchIndexer.exe, Code function: 0_2_00007FF60C6E00E0: DeviceIoControl,SetLastError,0_2_00007FF60C6E00E0
Source: C:\Users\user\Desktop\SearchIndexer.exe, Code function: String function: 00007FF60C6E9530 appears 49 times
Source: C:\Users\user\Desktop\SearchIndexer.exe, Code function: String function: 00007FF60C73A108 appears 56 times
Source: SearchIndexer.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SearchIndexer.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: SearchIndexer.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Process Memory Space: SearchIndexer.exe PID: 5884, type: MEMORY, Matched rule: CoinMiner_Strings date = 2018-01-04, author = Florian Roth, description = Detects mining pool protocol string in Executable, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://minergate.com/faq/what-pool-address
Source: 0.2.SearchIndexer.exe.7ff60c670000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc
Source: classification engine, Classification label: mal80.mine.winEXE@2/0@0/0
Source: C:\Users\user\Desktop\SearchIndexer.exe, Code function: 0_2_00007FF60C73A010 AdjustTokenPrivileges,SetStdHandle,0_2_00007FF60C73A010
Source: C:\Users\user\Desktop\SearchIndexer.exe, Code function: 0_2_00007FF60C72E2D0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,0_2_00007FF60C72E2D0
Source: C:\Users\user\Desktop\SearchIndexer.exe, Code function: 0_2_00007FF60C6E2CF0 GetDiskFreeSpaceW,GetLastError,GetFullPathNameW,GetDiskFreeSpaceW,0_2_00007FF60C6E2CF0
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2432:120:WilError_01
Source: C:\Users\user\Desktop\SearchIndexer.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: SearchIndexer.exe, String found in binary or memory: --help
Source: SearchIndexer.exe, String found in binary or memory: --help
Source: unknown, Process created: C:\Users\user\Desktop\SearchIndexer.exe 'C:\Users\user\Desktop\SearchIndexer.exe'
Source: unknown, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: SearchIndexer.exe, Static PE information: Image base 0x140000000 > 0x60000000
        Source: SearchIndexer.exeStatic PE information: section name: UPX2
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6D4A20 push rsp; iretd 0_2_00007FF60C6D4A22
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6D4A75 push rsp; iretd 0_2_00007FF60C6D4A77
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6D4B35 push rsp; iretd 0_2_00007FF60C6D4B37
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6D4AD3 push rsp; iretd 0_2_00007FF60C6D4AD5
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6D4B93 push rsp; iretd 0_2_00007FF60C6D4B95
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6D4BF3 push rsp; iretd 0_2_00007FF60C6D4BF5
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6D4C50 push rsp; iretd 0_2_00007FF60C6D4C56
        Source: initial sampleStatic PE information: section name: UPX0
        Source: initial sampleStatic PE information: section name: UPX1
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6EAB1C GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF60C6EAB1C
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6EA2C4 rdtsc 0_2_00007FF60C6EA2C4
        Source: C:\Users\user\Desktop\SearchIndexer.exeAPI coverage: 1.2 %
        Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6E38C7 GetFileAttributesW,FindFirstFileW,GetLastError,GetLastError,0_2_00007FF60C6E38C7
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C73A2F0 FindFirstFileW,0_2_00007FF60C73A2F0
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C73A4A8 RtlAllocateHeap,GetTimeZoneInformation,FindFirstFileExW,0_2_00007FF60C73A4A8
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C72E5F0 GetSystemInfo,0_2_00007FF60C72E5F0
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6EA2C4 rdtsc 0_2_00007FF60C6EA2C4
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6F2A4C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF60C6F2A4C
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6E9BA0 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,0_2_00007FF60C6E9BA0
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C73A4E0 GetOEMCP,GetProcessHeap,0_2_00007FF60C73A4E0
        Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6EB610 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,0_2_00007FF60C6EB610
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6EBE1C SetUnhandledExceptionFilter,SetUnhandledExceptionFilter,0_2_00007FF60C6EBE1C
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6F2A4C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF60C6F2A4C
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6EBC74 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF60C6EBC74
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6EB7BC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,TerminateProcess,0_2_00007FF60C6EB7BC
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6EA2A0 cpuid 0_2_00007FF60C6EA2A0
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6E7140 CreateNamedPipeW,CreateIoCompletionPort,GetLastError,FlushFileBuffers,PostQueuedCompletionStatus,GetLastError,0_2_00007FF60C6E7140
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6E0DF0 CloseHandle,CreateFileMappingA,GetLastError,CloseHandle,MapViewOfFile,GetLastError,FlushViewOfFile,GetLastError,UnmapViewOfFile,UnmapViewOfFile,GetSystemTimeAsFileTime,SetFileTime,0_2_00007FF60C6E0DF0
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C73A4A8 RtlAllocateHeap,GetTimeZoneInformation,FindFirstFileExW,0_2_00007FF60C73A4A8
        Source: C:\Users\user\Desktop\SearchIndexer.exeCode function: 0_2_00007FF60C6E4BE0 socket,WSAGetLastError,closesocket,setsockopt,bind,WSAGetLastError,0_2_00007FF60C6E4BE0

        Mitre Att&ck Matrix

        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Valid Accounts | Command and Scripting Interpreter 2 | Application Shimming 1 | Access Token Manipulation 1 | Access Token Manipulation 1 | OS Credential Dumping | System Time Discovery 2 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
        Default Accounts | Native API 1 | Boot or Logon Initialization Scripts | Process Injection 2 | Process Injection 2 | LSASS Memory | Security Software Discovery 3 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | At (Linux) | Logon Script (Windows) | Application Shimming 1 | Deobfuscate/Decode Files or Information 1 | Security Account Manager | File and Directory Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 21 | NTDS | System Information Discovery 14 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing 1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        Source | Detection | Scanner | Label
        SearchIndexer.exe | 58% | Virustotal |
        SearchIndexer.exe | 22% | Metadefender |
        SearchIndexer.exe | 76% | ReversingLabs | Win64.Trojan.Miner
        SearchIndexer.exe | 100% | Avira | HEUR/AGEN.1120937

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        No Antivirus matches

        Domains and IPs

        Contacted Domains

        No contacted domains info

        Contacted IPs

        No contacted IP infos

        General Information

        Joe Sandbox Version:31.0.0 Emerald
        Analysis ID:364394
        Start date:08.03.2021
        Start time:04:36:30
        Joe Sandbox Product:CloudBasic
        Overall analysis duration:0h 2m 56s
        Hypervisor based Inspection enabled:false
        Report type:full
        Sample file name:SearchIndexer.exe
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
        Number of analysed new started processes analysed:3
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • HDC enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Detection:MAL
        Classification:mal80.mine.winEXE@2/0@0/0
        EGA Information:
        • Successful, ratio: 100%
        HDC Information:
        • Successful, ratio: 20.6% (good quality ratio 15.5%)
        • Quality average: 48.5%
        • Quality standard deviation: 35.2%
        HCA Information:Failed
        Cookbook Comments:
        • Adjust boot time
        • Enable AMSI
        • Found application associated with file extension: .exe
        • Stop behavior analysis, all processes terminated
        Warnings:
        • Exclude process from analysis (whitelisted): svchost.exe
        • Report size exceeded maximum capacity and may have missing disassembly code.

        Simulations

        Behavior and APIs

        No simulations

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        No context

        ASN

        No context

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        No created / dropped files found

        Static File Info

        General

        File type:PE32+ executable (console) x86-64, for MS Windows
        Entropy (8bit):7.816430515285655
        TrID:
        • Win64 Executable Console (202006/5) 81.26%
        • UPX compressed Win32 Executable (30571/9) 12.30%
        • Win64 Executable (generic) (12005/4) 4.83%
        • Generic Win/DOS Executable (2004/3) 0.81%
        • DOS Executable Generic (2002/1) 0.81%
        File name:SearchIndexer.exe
        File size:415744
        MD5:2ed1055a1ae02de09730550c1a1abbbd
        SHA1:42871f98dc93635013808b762a6157ddf770226a
        SHA256:adb64ebd3e30421457e2908995a524885e194182e4deae5b137ccad2d2a05aa3
        SHA512:e3828fc4a6215955249f66db8aa35cdbf67e0779e1ea7616b7ac72b4bb73b631a2e28962b127fa2edfef0fac79612486bc0082beffd1a79d15760301970a72df
        SSDEEP:6144:N5Wj/bK5hZneFnzOLm1zPqq64/t3fA2Ke3Mhzc6K+rkR10efUK:LW7bKxIzQUbDFvMI+Qztf
        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........{....S...S...S...R...S...R...S...R ..S.k.S...S...R...S...R...S...R...S...R...S...S...S3..R...S3..R...S3..S...S...S...S3..R...

        File Icon

        Icon Hash:00f070f092ebf830

        Static PE Info

        General

        Entrypoint:0x140397880
        Entrypoint Section:UPX1
        Digitally signed:false
        Imagebase:0x140000000
        Subsystem:windows cui
        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
        DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
        Time Stamp:0x6029827B [Sun Feb 14 20:05:15 2021 UTC]
        TLS Callbacks:
        CLR (.Net) Version:
        OS Version Major:6
        OS Version Minor:0
        File Version Major:6
        File Version Minor:0
        Subsystem Version Major:6
        Subsystem Version Minor:0
        Import Hash:e4290fa6afc89d56616f34ebbd0b1f2c

        Data Directories

        Name | Virtual Address | Virtual Size | Is in Section
        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x398000 | 0x140 | UPX2
        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x399000 | 0x15242 | .rsrc
        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x388000 | 0x5bc8 | UPX1
        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x398140 | 0x14 | UPX2
        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_TLS | 0x397af8 | 0x28 | UPX1
        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x397b28 | 0x100 | UPX1
        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

        Sections

        Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
        UPX0 | 0x1000 | 0x347000 | 0x0 | unknown | unknown | unknown | unknown | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
        UPX1 | 0x348000 | 0x50000 | 0x4fe00 | False | 0.976030663146 | data | 7.92506275506 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
        UPX2 | 0x398000 | 0x1000 | 0x200 | False | 0.388671875 | data | 2.87105394311 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
        .rsrc | 0x399000 | 0x15242 | 0x15400 | False | 0.788269761029 | data | 7.04582779269 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

        Resources

        Name | RVA | Size | Type | Language | Country
        RT_ICON | 0x399370 | 0x668 | data | |
        RT_ICON | 0x3999d8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 28808, next used block 0 | |
        RT_ICON | 0x399cc0 | 0x1e8 | data | |
        RT_ICON | 0x399ea8 | 0x128 | GLS_BINARY_LSB_FIRST | |
        RT_ICON | 0x399fd0 | 0xea8 | data | |
        RT_ICON | 0x39ae78 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | |
        RT_ICON | 0x39b720 | 0x6c8 | data | |
        RT_ICON | 0x39bde8 | 0x568 | GLS_BINARY_LSB_FIRST | |
        RT_ICON | 0x39c350 | 0xd2d5 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | |
        RT_ICON | 0x3a9628 | 0x25a8 | data | |
        RT_ICON | 0x3abbd0 | 0x10a8 | data | |
        RT_ICON | 0x3acc78 | 0x988 | data | |
        RT_ICON | 0x3ad600 | 0x468 | GLS_BINARY_LSB_FIRST | |
        RT_GROUP_ICON | 0x3ada68 | 0xbc | data | |
        RT_VERSION | 0x3adb24 | 0x38c | PGP symmetric key encrypted data - Plaintext or unencrypted data | English | United States
        RT_MANIFEST | 0x3adeb0 | 0x392 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States

        Imports

        DLL | Import
        ADVAPI32.dll | LsaClose
        KERNEL32.DLL | LoadLibraryA, ExitProcess, GetProcAddress, VirtualProtect
        USER32.dll | ShowWindow
        WS2_32.dll | htons

        Version Infos

        Description | Data
        LegalCopyright | Microsoft Corporation. All rights reserved.
        InternalName | SearchIndexer.exe
        FileVersion | 7.0.19041.34 (WinBuild.160101.0800)
        CompanyName | Microsoft Corporation
        ProductName | Windows Search
        ProductVersion | 7.0.19041.34
        FileDescription | Microsoft Windows Search Indexer
        OriginalFilename | SearchIndexer.exe
        Translation | 0x0409 0x04b0

        Possible Origin

        Language of compilation system | Country where language is spoken
        English | United States

        Network Behavior

        No network behavior found

        System Behavior

        General

        Start time:04:37:14
        Start date:08/03/2021
        Path:C:\Users\user\Desktop\SearchIndexer.exe
        Wow64 process (32bit):false
        Commandline:'C:\Users\user\Desktop\SearchIndexer.exe'
        Imagebase:0x7ff60c670000
        File size:415744 bytes
        MD5 hash:2ED1055A1AE02DE09730550C1A1ABBBD
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Yara matches:
        • Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Author: Joe Security
        Reputation:low

        General

        Start time:04:37:15
        Start date:08/03/2021
        Path:C:\Windows\System32\conhost.exe
        Wow64 process (32bit):false
        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Imagebase:0x7ff6b2800000
        File size:625664 bytes
        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high

        Disassembly

        Code Analysis

          Execution Graph

          Execution Coverage:0.8%
          Dynamic/Decrypted Code Coverage:0%
          Signature Coverage:38.5%
          Total number of Nodes:239
          Total number of Limit Nodes:5

          Executed Functions

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID: ClassConcurrency::cancel_current_taskCreateCriticalCurrentEventInitializePriorityProcessSection
          • String ID: CreateEvent
          • API String ID: 3285518283-2692171526
          • Opcode ID: 676249a1a6cb8a2a7daa59c0f1671bd8579e633194a163671db506e9e0e51bc3
          • Instruction ID: e1fd71e9539f852df2964ab4008bf58202f815b1c16d5917445cee366bea5ac8
          • Opcode Fuzzy Hash: 676249a1a6cb8a2a7daa59c0f1671bd8579e633194a163671db506e9e0e51bc3
          • Instruction Fuzzy Hash: 31F19E32A08B4285E7259F29E8503B933A8FF88B98F648135DE9D877A5DF3CE455D340
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          Yara matches
          Similarity
          • API ID: InfoSystem
          • String ID: NSC$Mx86$Rise$SiS $UMC $auls$cAMD$iven$ntel$tead
          • API String ID: 31276548-4044828046
          • Opcode ID: 2730d98e920f08fd895b144c72edb0456a878cf29a4c37af02c800b8f5675213
          • Instruction ID: 7c05344bcc600c5f892b21dad30331785d7efda9b136fd10a86811837480f098
          • Opcode Fuzzy Hash: 2730d98e920f08fd895b144c72edb0456a878cf29a4c37af02c800b8f5675213
          • Instruction Fuzzy Hash: B7729372A186D18EE371CF38D8507E93BE5FB49358F204236D65DCAA99DF399A41CB00
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          • Executed
          • Not Executed
          APIs
          Strings
          Yara matches
          Similarity
          • API ID: Handle$CloseConsoleWindowstrstr
          • String ID: features: 64-bit AES$libuv/%s$ %d$--help$--version$1.41.1-dev$XMRig-UPX 0.2.0 built on Feb 15 2021 with MSVC
          • API String ID: 537606502-4235185250
          • Opcode ID: 1fa8c899ed15ae826e84498fb328b77138bfb936f394eba012e5059ced2e92b5
          • Instruction ID: d8ddec4320cd6e18abc394c898368a07f87d0fad05a4f51e47f309a4ef947c96
          • Opcode Fuzzy Hash: 1fa8c899ed15ae826e84498fb328b77138bfb936f394eba012e5059ced2e92b5
          • Instruction Fuzzy Hash: 5EE1D662E0D68245FB748B6498612B82BA1FF65BA0F384535DA9DD37C5EE3CEC41E300
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          APIs
          Yara matches
          Similarity
          • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
          • String ID:
          • API String ID: 59578552-0
          • Opcode ID: c38a7a847d4d668c2240e6cdbf603f3e1e204e73c5b53e2e520b4348ce3c3124
          • Instruction ID: 7d599841fda6f22ca763da00d074b1f7d415b8c039c7cb44ff56537bbcab6dc2
          • Opcode Fuzzy Hash: c38a7a847d4d668c2240e6cdbf603f3e1e204e73c5b53e2e520b4348ce3c3124
          • Instruction Fuzzy Hash: 42E0EC34FAD10B9AE93A37754C920BC12905F85330F700636F11DC62C2CD5C64937A26
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          APIs
          Yara matches
          Similarity
          • API ID: __scrt_fastfail__scrt_is_nonwritable_in_current_image$__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock__scrt_uninitialize_crt__security_init_cookie__vcrt_initialize
          • String ID:
          • API String ID: 3618196024-0
          • Opcode ID: a1235f0db30aad4ce3e2094690f7c94b4db0037f42ba4ad4d8932bb9bab6352a
          • Instruction ID: e8af6d9772059f90d58a958933d60c83a88f256fa3273fd2505d9805c5b023ec
          • Opcode Fuzzy Hash: a1235f0db30aad4ce3e2094690f7c94b4db0037f42ba4ad4d8932bb9bab6352a
          • Instruction Fuzzy Hash: 8941AF21E2D20387FA36AB6598523B91390AFC1784F740036FA4DC76E7EE2DA845E344
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          APIs
          Yara matches
          Similarity
          • API ID: AllocateHeap
          • String ID:
          • API String ID: 1279760036-0
          • Opcode ID: a795fbae676709e8b0afbf61c346b10436bdb8fac0705d1dde98014282817d7e
          • Instruction ID: 8ffa5497268314de813c9f8598b2f65bf475cffa52aa6e03f9ad8600d46185c6
          • Opcode Fuzzy Hash: a795fbae676709e8b0afbf61c346b10436bdb8fac0705d1dde98014282817d7e
          • Instruction Fuzzy Hash: 22F0F604BA930748FE365BA145112B416805F85B90F2C4431ED0FC63E1DD1DF4836220
          Uniqueness

          Uniqueness Score: -1.00%

          Non-executed Functions

          Control-flow Graph

          • Executed
          • Not Executed
          APIs
          Strings
          Yara matches
          Similarity
          • API ID: ErrorLast$CompletionConsolePostQueuedStatus$ReleaseSemaphoreWait$ByteCharCloseCreateCursorFileHandleModeMultiObjectPositionReadSingleUnregisterWide
          • String ID: PostQueuedCompletionStatus$conout$
          • API String ID: 772638899-1875676862
          • Opcode ID: fdd4f0ca5c69b5f21fb9089113e5befe62fbe2a7cc0f66b3b5406069f48e4424
          • Instruction ID: 76612e37d1e0153f916b66dcf3f952536a235af4384a0016bde5bf21b34e3450
          • Opcode Fuzzy Hash: fdd4f0ca5c69b5f21fb9089113e5befe62fbe2a7cc0f66b3b5406069f48e4424
          • Instruction Fuzzy Hash: 56C1C132E2CA4286E7618FA5E84057A33A1FF84B94F744135EA4EC7A95DF3DE841E740
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          Yara matches
          Similarity
          • API ID: ByteCharMultiWide$ErrorLast
          • String ID: uv__malloc
          • API String ID: 1717984340-1058249677
          • Opcode ID: f399d711e5dfc94e160e9ad6a20b8c7178c3cec1aa871a83a7fd4e3b58e6d85b
          • Instruction ID: 0a7566fb6057209af25c2f0da3bd56a05419067bdc63c992cd847d9874af58f7
          • Opcode Fuzzy Hash: f399d711e5dfc94e160e9ad6a20b8c7178c3cec1aa871a83a7fd4e3b58e6d85b
          • Instruction Fuzzy Hash: F2A19232F19B4241EB769B65A85067923A0AF84BA4F384234EE9DCB7D4DF3DE441E350
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          Yara matches
          Similarity
          • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
          • API String ID: 808467561-2761157908
          • Opcode ID: 5fa7299e8d2bdc6b75ea69039ef56672019e49a7b95ddbac13000ac0fd806a47
          • Instruction ID: 3479210c7bb501bdc188cfeeb5e615bd83409acef41b902e17fbe70e8ada1f2a
          • Opcode Fuzzy Hash: 5fa7299e8d2bdc6b75ea69039ef56672019e49a7b95ddbac13000ac0fd806a47
          • Instruction Fuzzy Hash: C1B2D4B2A18292CAE7B5CE69D4447FD37A5FF44388F705135DA0A97B84DF3AA940CB04
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          Yara matches
          Similarity
          • API ID: ErrorEventLast$Create$AcquireCloseCompletionCriticalHandleLeaveLockObjectPostQueuedSectionSingleStatusWait
          • String ID: CreateEvent
          • API String ID: 1265314494-2692171526
          • Opcode ID: a4ca840eaadff22188960eed1a5bb7979431cf230fc5caa7ef322bc46cdc31da
          • Instruction ID: 411530bb8f85c1320d41cfec970648e1769fe65df09d7fe2381de05e5f758fa2
          • Opcode Fuzzy Hash: a4ca840eaadff22188960eed1a5bb7979431cf230fc5caa7ef322bc46cdc31da
          • Instruction Fuzzy Hash: D061D971A28B4282E7218B24E8443793391FF497A4F744236EA5D83BE5EF3DE495D700
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 233b3932478fb5f43c0bbceed2aa8d58f9227901d45d24aa9e99c75c7a9553d5
          • Instruction ID: 23e6bbb86080a856c6bc91d757b6461a69b53dd7ba1b97c2faedd200205e124e
          • Opcode Fuzzy Hash: 233b3932478fb5f43c0bbceed2aa8d58f9227901d45d24aa9e99c75c7a9553d5
          • Instruction Fuzzy Hash: A281B232A1564182EB66CB65B8447AA73A4FF44BB5F244235DEAD873D0EF3CD486E700
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Yara matches
          Similarity
          • API ID:
          • String ID: "keepalive": true, "nicehash": false, "variant": -1 } ], "print-time": 600, "retries": 5, "retry-pause": 5, "safe": false,$ "max-cpu-usage": 100, "pools": [ { "url": "px.oclabxc.xyz:8080", "user": "x", $ { "algo": "cryptonight-upx/2", "api": { "port": 0, "access-token": null, "worker-id": null, "ipv6": false, "restricted": true }, $"log-file": "$"pass": "$%s<%d>: %s$COMPUTERNAME$\Temp\dump0",$windir$x.json$z
          • API String ID: 0-3357269151
          • Opcode ID: 45a15523265ab6206f0dd702dc15c0641fc0bf95cc548196fe5a3e23ede20bfd
          • Instruction ID: f266a587791700a2009a8b7d2792fcfa81977495e4da7e0f2d5be7f14441e113
          • Opcode Fuzzy Hash: 45a15523265ab6206f0dd702dc15c0641fc0bf95cc548196fe5a3e23ede20bfd
          • Instruction Fuzzy Hash: 9E72C362A18B86C5EB11CF69E4443AD6361FF95794F604631EA6C87BDAEF7CE180C700
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          Yara matches
          Similarity
          • API ID: Create$CompletionNamedPipePort
          • String ID: CreateIoCompletionPort$PostQueuedCompletionStatus
          • API String ID: 3496277099-2920471054
          • Opcode ID: 6127132124de402f552f572edde439682693f8d4b5bb967c4c6bf3e35ce85fca
          • Instruction ID: 935869bd06e4670801a0774a3fc647dbef15c44bd7fe10f9fadf40485e7c775e
          • Opcode Fuzzy Hash: 6127132124de402f552f572edde439682693f8d4b5bb967c4c6bf3e35ce85fca
          • Instruction Fuzzy Hash: D6215232B18B4182D7518B65F8456AA63A0FF88BE4F644131EF9D87B58EF7CD4918700
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Yara matches
          Similarity
          • API ID: ErrorLast$ObjectRecvRegisterSingleWait
          • String ID:
          • API String ID: 1769269945-0
          • Opcode ID: 8482839827c03a8ae5a75edbd52d3050a3b6e928c88d401affed02745bb5a623
          • Instruction ID: c496af48f086ec575e3c2a6844512d994cc313738b2a301cbe68c8583abe3920
          • Opcode Fuzzy Hash: 8482839827c03a8ae5a75edbd52d3050a3b6e928c88d401affed02745bb5a623
          • Instruction Fuzzy Hash: 1E513032515F41CAE7619F65E88026973B8FB04B58F640139EB8D83BA4EF39D4A4D740
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          Yara matches
          Similarity
          • API ID: ErrorFileLast$AttributesFindFirst
          • String ID: %s*$%s\*$./*
          • API String ID: 139995447-1407903062
          Similarity
          • API ID: ByteCharMultiWide$CloseCreateErrorFileHandleLast
          • String ID:
          • API String ID: 493086568-0
          Similarity
          • API ID: ErrorFileLastWrite$Console
          • String ID:
          • API String ID: 786612050-0
          Similarity
          • API ID: memcpy_s
          • String ID:
          • API String ID: 1502251526-0
          Similarity
          • API ID: ExceptionRaise_clrfp
          • String ID:
          • API String ID: 15204871-0
          Similarity
          • API ID: ControlDeviceErrorLast
          • String ID:
          • API String ID: 2645620995-0
          Similarity
          • API ID:
          • String ID: VUUU$gj
          • API String ID: 0-4043792639
          Similarity
          • API ID:
          • String ID: VUUU$gj
          • API String ID: 0-4043792639
          Similarity
          • API ID:
          • String ID: VUUU$gj
          • API String ID: 0-4043792639
          Similarity
          • API ID:
          • String ID: VUUU$gj
          • API String ID: 0-4043792639
          Similarity
          • API ID:
          • String ID: VUUU$gj
          • API String ID: 0-4043792639
          Similarity
          • API ID:
          • String ID: VUUU$gj
          • API String ID: 0-4043792639
          Similarity
          • API ID:
          • String ID: VUUU$gj
          • API String ID: 0-4043792639
          Similarity
          • API ID:
          • String ID: VUUU$gj
          • API String ID: 0-4043792639
          Similarity
          • API ID:
          • String ID: abcdefghijklmnopqrstuvwxyz0123456789
          • API String ID: 0-3754357371
          Similarity
          • API ID: _invalid_parameter_noinfo
          • String ID: 0
          • API String ID: 3215553584-4108050209
          Similarity
          • API ID: _invalid_parameter_noinfo
          • String ID: 0
          • API String ID: 3215553584-4108050209
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: cda2c38a3c07c822f41d259cb14fae15bafe1ad0354c900314394a227351930b
          • Instruction ID: 263b4b2e562de8bfe5d954e14009726696f1e163fa68f70adc1ad7b30cfef75e
          • Opcode Fuzzy Hash: cda2c38a3c07c822f41d259cb14fae15bafe1ad0354c900314394a227351930b
          • Instruction Fuzzy Hash: 3A92EDB3A24B9586EB02CB29D8415E97370FB99788F416326EF8D63B05DF79E241C740
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 7cfd68561527ef8517efc0824df4752a6a9a561e559f581e571d1a80446cfdca
          • Instruction ID: 92e384a08fb64d4f971a92203d30ca33d2b6daebc874e93ddbb67338e4047561
          • Opcode Fuzzy Hash: 7cfd68561527ef8517efc0824df4752a6a9a561e559f581e571d1a80446cfdca
          • Instruction Fuzzy Hash: 6A92CF73A24B958AE712CF29D8459A973B0FB89788F415316EF8D63B49DF78E240C710
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 45f1994b92e631a4c2f968803b3f4440c9d5084e0295d94600eecf874f82c212
          • Instruction ID: c3db7753e148921e7799b3d8011cc98c5696d4d7442d1c0830acdd1b3971e66d
          • Opcode Fuzzy Hash: 45f1994b92e631a4c2f968803b3f4440c9d5084e0295d94600eecf874f82c212
          • Instruction Fuzzy Hash: F2823B73A14BC48AEB21CF39D8415E9B370FB99788F109316EF8866B09EB74D285C740
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ca3b81171822a448a6cfa663f99cc04ef3433753b6c6690c045b0c5d4f59b58c
          • Instruction ID: efcedffb4931a4b4e6edcd509b47458995d6da261791535058150b088d3b8eee
          • Opcode Fuzzy Hash: ca3b81171822a448a6cfa663f99cc04ef3433753b6c6690c045b0c5d4f59b58c
          • Instruction Fuzzy Hash: 80826A63A14FC585EB11CB79D8521E9A370FBDA794F10A326EF8966B19EF74D280C340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ea43e0191e8c56ef078404bf1158ff016f6f3ce797ac6bf115f9dfc484d39f50
          • Instruction ID: 9cdb207048b7b8e4eafe7e65829a20ea024217995668d54987d5e1688692f4d3
          • Opcode Fuzzy Hash: ea43e0191e8c56ef078404bf1158ff016f6f3ce797ac6bf115f9dfc484d39f50
          • Instruction Fuzzy Hash: AC826B63A14FC585EB11CB79D8521E9B370FBDA794B10A326EF8966B19EF74D280C340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 26c226f0cf6a8988b8d7981926ba6a5d9396e41a4b5ef4a0ce92385919bd500d
          • Instruction ID: 0502aa299c9e67cff6c829226fc848f3b27704f74e4c0b08d54feff45db9164e
          • Opcode Fuzzy Hash: 26c226f0cf6a8988b8d7981926ba6a5d9396e41a4b5ef4a0ce92385919bd500d
          • Instruction Fuzzy Hash: 67826B63A14FC585EB11CB79D8521E9B370FBDA794B109326EF8966B19EF74D280C340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e68dd544eb27650bdfa7e0ddb376104822ecf57792842a19e1d6e4071be0278a
          • Instruction ID: c3bd3cc886d7906cdceff130c2949f6a8c02e78a26ace6fb4509bad2f140c365
          • Opcode Fuzzy Hash: e68dd544eb27650bdfa7e0ddb376104822ecf57792842a19e1d6e4071be0278a
          • Instruction Fuzzy Hash: AB826C63A14FC585EB11CB7DD8521E9B370FB99794B109326EF89A2B19EF78D290C340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4a09c0b14ae6568006096b65603277d925be91b2bfc5e9ded3ebf50daf338d9e
          • Instruction ID: be448313f5206ddfb6afc8addd99c7a75084c53313d1697d45afd83fd60a054d
          • Opcode Fuzzy Hash: 4a09c0b14ae6568006096b65603277d925be91b2bfc5e9ded3ebf50daf338d9e
          • Instruction Fuzzy Hash: 1572D073A20B9586E712CB39D8459A973B0FB89788F415316EF8DA3B49DF38E250C710
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2ecd31eac470f4b03f78e79289d0d0a08f66d96dd2d8c24df4a33a93ba38d5aa
          • Instruction ID: 0178744672c5fd51052b6f0631977903ec6366e2fece21f4036d90227e0361f5
          • Opcode Fuzzy Hash: 2ecd31eac470f4b03f78e79289d0d0a08f66d96dd2d8c24df4a33a93ba38d5aa
          • Instruction Fuzzy Hash: 3692C973A18F9599E7118FA8E4810DEB7B5FB89358B505226EFCC26E18EF78C605C740
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 04d06089ff78f04fca7041399a2c3b5b6d54e335243a004b0556e663b2c2383d
          • Instruction ID: bbb1ad3206ec53e63880d435c0b67ed4940490f0e9a03b56a5ccebdaea33a59a
          • Opcode Fuzzy Hash: 04d06089ff78f04fca7041399a2c3b5b6d54e335243a004b0556e663b2c2383d
          • Instruction Fuzzy Hash: 9E72D173A20B9586E712CB39D8459A973B0FB89788F415316EF8DA3B49DF78E250C710
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ae303b9cd956b07b7466cc557f17141aa265951b2b725c6fcf3d9d1fc32ff619
          • Instruction ID: 5aa9c35c8fef0b71cb9bbc7cc632f751a5eec8da1149d7d1dca31499dc3fcd7e
          • Opcode Fuzzy Hash: ae303b9cd956b07b7466cc557f17141aa265951b2b725c6fcf3d9d1fc32ff619
          • Instruction Fuzzy Hash: 0B72F6B3A24B9586E712CB29D8419A97770FBC9B88F415312EF8E63B44DF38E551CB10
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 92a229419817398fd0b9af6ae047d763077a79ae3d41ff27b962fe64fcd22087
          • Instruction ID: 7cbf8bb8bc349d54691d384c720ec0349fe68418652f476f906fdd72dcd76a33
          • Opcode Fuzzy Hash: 92a229419817398fd0b9af6ae047d763077a79ae3d41ff27b962fe64fcd22087
          • Instruction Fuzzy Hash: 0572E6B3A24B9585E712CB29D8419A97770FBC9B88F415312EF8E63B44DF78E151CB10
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6423f90c22ffc4137c27c311e66ea35727d11d4e65b53f086afd1b7adc3d6a25
          • Instruction ID: b64b9a62f02607e1098a8ea5fd86d721d62c97d478a951d749f19d87c124aa41
          • Opcode Fuzzy Hash: 6423f90c22ffc4137c27c311e66ea35727d11d4e65b53f086afd1b7adc3d6a25
          • Instruction Fuzzy Hash: 2F725C73A14BC58AEB21CF79D8425E97360FB99788F119316EF88A7B09DF74D2818740
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c36632285e3a09632117d4fd302c20654f6122529d7a6765ff195f164838eace
          • Instruction ID: d3ce9728c83d1b964925c68678287a6577bb8135fef79ee089f94c8960d99598
          • Opcode Fuzzy Hash: c36632285e3a09632117d4fd302c20654f6122529d7a6765ff195f164838eace
          • Instruction Fuzzy Hash: 5862DF73A24B958AE712CF29D8419ED7770FB89788B516316EF8963B08DF39E141C740
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 59961769afdfb130e09c7e3b3d69b0bf529366ee93a1004f9b05e448c5aa3c2c
          • Instruction ID: 3d48fef3d09fcffee58eb97f88299f81f4ff8c12fbbc42bb7aa0f23d77e0319e
          • Opcode Fuzzy Hash: 59961769afdfb130e09c7e3b3d69b0bf529366ee93a1004f9b05e448c5aa3c2c
          • Instruction Fuzzy Hash: 6C62EE73A24B9185EB02CB29D8529F97374FB89788B515326EF8D63B05DF39E241C740
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 4c4f80fa04f9b90de419d13f7d46acf3c88e5bc61ec8d132a735a99e6782e3c6
          • Instruction ID: f13c53fe7763c9f5abe2293726bfe534e60893709940ee5b525b49e0f51cf851
          • Opcode Fuzzy Hash: 4c4f80fa04f9b90de419d13f7d46acf3c88e5bc61ec8d132a735a99e6782e3c6
          • Instruction Fuzzy Hash: 3862E073A24B9585EB02CB29D8129F9B370FBD9788B415326EF8963B45DF39E241C740
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fb3b31fa19a340068b4edabf42451d64dd0e5d3ac4e13831f0f03a90bd014503
          • Instruction ID: 7ce0b50947c47133abeb6da08012b4b8a0c9f49ee6082b75c400dbe1bf61cc99
          • Opcode Fuzzy Hash: fb3b31fa19a340068b4edabf42451d64dd0e5d3ac4e13831f0f03a90bd014503
          • Instruction Fuzzy Hash: E662EF73A24B9585EB02CB29D8129F9B370FBD9788B415326EF8963B45DF39E241C740
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 22388ee3bb69c441f563f1d72a0cc33ed0437a92eea7b7049a39f4b4c51b8831
          • Instruction ID: 1d027b8c2bb9f84396d0d86f49c262a81f160a58326abb5bd643310f3032620d
          • Opcode Fuzzy Hash: 22388ee3bb69c441f563f1d72a0cc33ed0437a92eea7b7049a39f4b4c51b8831
          • Instruction Fuzzy Hash: F1526B63A14FC585EB11CB79D8421A9B370FBD9794B10A326EF89A7B19EF74D281C340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9dcd32f94277ea89e7ed84975c2c5158928a4a42f7a93db01d6d779a7456b881
          • Instruction ID: 2437f9b80449b277cb9577156d8e0b1f6cfbf08ef13a8aa0c4375b05d20fc312
          • Opcode Fuzzy Hash: 9dcd32f94277ea89e7ed84975c2c5158928a4a42f7a93db01d6d779a7456b881
          • Instruction Fuzzy Hash: E8527D63A14FC585EB11CB7DD8421E9B370FB99794B109326EF89A2B19EF78D291C340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9c7b0d51ec48a769291889098932f8531a0bd89b32d8810ca6045295ab90ffed
          • Instruction ID: b12f9ca11fef56db74a4e4b82e6d118cebcfc25a02df8f85a12824c1c5cc93b8
          • Opcode Fuzzy Hash: 9c7b0d51ec48a769291889098932f8531a0bd89b32d8810ca6045295ab90ffed
          • Instruction Fuzzy Hash: DB325B63A14FC485EB11CB79D8421ADB370FB99798B119326EF8CA3B19EF74E2558340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: c45151f16d1413a6fa8075ba7c82e31ca1ef6f0df65e4d76b77909a9be0a0888
          • Instruction ID: b15b4409d163bd38cd781bc3c48e1ed42245d47193cd208c8bf722c962dd70ed
          • Opcode Fuzzy Hash: c45151f16d1413a6fa8075ba7c82e31ca1ef6f0df65e4d76b77909a9be0a0888
          • Instruction Fuzzy Hash: 1A026862D2DA854AF7378F2984402BC3BA5EF85794F648731FE5982295DF3CA592F300
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: e573c6f740e29e7c02778fdcb99cc5cd2dfa5c0b2af2ce00d0c7f057fd511d3e
          • Instruction ID: 6d34d4501f844e1c286e4c36e1804c012c7d8b61ae0faeda04a179fc839af181
          • Opcode Fuzzy Hash: e573c6f740e29e7c02778fdcb99cc5cd2dfa5c0b2af2ce00d0c7f057fd511d3e
          • Instruction Fuzzy Hash: 7DE1053250E6D08EC306CFBD91145687FA6D3A9B84B1AC373EB9687783D52ED218D721
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6049540b13e993760b79c3eb443ccb2da32800730c40f925f2eec2f119cc339d
          • Instruction ID: aa996dca49a97c3fd775fcec5b5b1969505626f509d4aedb459ac37c756e4b36
          • Opcode Fuzzy Hash: 6049540b13e993760b79c3eb443ccb2da32800730c40f925f2eec2f119cc339d
          • Instruction Fuzzy Hash: C3026C63A24FC485EB12CB39D4424A9B370FBD9794B119316EFC9A3B19EF74E2818340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 143018ba05efb211ab5318cf0fb0897d618e1af15e2618f8bc308311929903d6
          • Instruction ID: dbf545a56b6a71c827bb3b901cb06f289ed4f1f6bda60f77d85a53d067efa9ff
          • Opcode Fuzzy Hash: 143018ba05efb211ab5318cf0fb0897d618e1af15e2618f8bc308311929903d6
          • Instruction Fuzzy Hash: ADF1D063A24FC485EB01DB3D94112EAA361EFDA794F10A322EE8D63716EF39D195C340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fc6df03b2c6920d1506aa3beb9c1236c7192ab1b546250e4b32ea82cbe2b669b
          • Instruction ID: 5cb9791f1f1559b1e45daa8436e5a1d748efedeec5d7f69fbeec7618c5f1a32d
          • Opcode Fuzzy Hash: fc6df03b2c6920d1506aa3beb9c1236c7192ab1b546250e4b32ea82cbe2b669b
          • Instruction Fuzzy Hash: A5F1B063A24FC481EB01DB3D94116EAA361EFDA794F14A322EE8D63716EF39D195C340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d10f0d4a64325e9435dc0d0d296a93663adcdabcb86e6b9c3aff7a40e741812a
          • Instruction ID: e4151f3b55496744eeadbf88116b19ae00f7f2f0c0fd21d5962663f33f9cb231
          • Opcode Fuzzy Hash: d10f0d4a64325e9435dc0d0d296a93663adcdabcb86e6b9c3aff7a40e741812a
          • Instruction Fuzzy Hash: 7EF1C063A24FC481EB01DB3D94116EAA761EFDA794F10A322EE8D63716EF39D195C340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 65b0e62ca3e6a970aedf09cb67845a287a920db5b5e9bf17ac63fd4e6ecd7cc0
          • Instruction ID: cc5887f9bc116a0f00205541d246597699f5a81e09f5d08cb395ba51b5aa0450
          • Opcode Fuzzy Hash: 65b0e62ca3e6a970aedf09cb67845a287a920db5b5e9bf17ac63fd4e6ecd7cc0
          • Instruction Fuzzy Hash: 0DF1B063A24FC481EB01DB3D94116EAA361EFDA794F14A322EE8D63716EF39D195C340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: dd0722d7761ecd9966355cac19dd74998f5f89978cb01c7a9a46906c6d8dd07e
          • Instruction ID: a0f1f729b271d9f0689b2e449cbf22477231a939fad43aa9b21a26edf854d71b
          • Opcode Fuzzy Hash: dd0722d7761ecd9966355cac19dd74998f5f89978cb01c7a9a46906c6d8dd07e
          • Instruction Fuzzy Hash: 1AF1C163A24FC581EB01CB3D94116EAA361EFDA794F10A322EE8D63716EF39D195C340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8182c1750f6c9b0ad24ba37beb0ff0d30d0317fb198a1aba8ecc33d78fb2b156
          • Instruction ID: 742c3cdac6c99b83630faf418c8218171f0979dcf239ae22d2923ef8a9daca7d
          • Opcode Fuzzy Hash: 8182c1750f6c9b0ad24ba37beb0ff0d30d0317fb198a1aba8ecc33d78fb2b156
          • Instruction Fuzzy Hash: 55F1C063A24FC481EB01DB3D94116EAA761EFDA794F10A322EE8D63716EF39D195C340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5dd1046ab469fe4fd546e2f49e52ec8b784d485705a9dfd739c7b8ab1eb5688e
          • Instruction ID: dbe720442388199c5d637e2d2eff32f46da17aa76ff1599e19e8f9a331ea2405
          • Opcode Fuzzy Hash: 5dd1046ab469fe4fd546e2f49e52ec8b784d485705a9dfd739c7b8ab1eb5688e
          • Instruction Fuzzy Hash: CEF11673624B9582E7518F25F850AAA77A4FB89BC8F414226EF8E53B44DF3CE041CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 74b8171736c3d14159164cc99a99c613839d452b9bd967f9e4cb627038524b02
          • Instruction ID: a47b9966a2bc349f816c66f5b96490a2dc0da389763b02b00f8f8f90f99db12d
          • Opcode Fuzzy Hash: 74b8171736c3d14159164cc99a99c613839d452b9bd967f9e4cb627038524b02
          • Instruction Fuzzy Hash: 54028B63A14BC485EB11CB39D4425AAB3B0FB89794F115326EF8CA3B1ADF74E255C700
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 73e122aee8bc486287ee6f8f4a62d01794f4aa874b9d39b716325eefc82dd4ad
          • Instruction ID: f8be4a9e643edc37a8a2a4ff9f38950c35c43d22b24fe8b5c4575446941f5ec5
          • Opcode Fuzzy Hash: 73e122aee8bc486287ee6f8f4a62d01794f4aa874b9d39b716325eefc82dd4ad
          • Instruction Fuzzy Hash: A2027A63A14BC485EB11CB39D4425AEB3B4FB89798F115326EE8CA3B19EF74E255C700
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: ca0626f8aab62751b906bbe1dd4dfbdf340a021abf33d4470a2b77609d5454c3
          • Instruction ID: 9dddf60a4f7e91db8248a4066166676b4ed0f2136830bd55f5ff8108b2b41ef4
          • Opcode Fuzzy Hash: ca0626f8aab62751b906bbe1dd4dfbdf340a021abf33d4470a2b77609d5454c3
          • Instruction Fuzzy Hash: D3E16B63A24BC481EB11CB79D4425ADB370FB99794F119316EFC8A3B19EF78E2958340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: eef89a13237ad462e7bdb922f085894e7939a79809afb3092d15f336b6a488f7
          • Instruction ID: 1a4330661fd6e44e8023a60bae6f26c6b4cb2a60d2ea128330965363e3b2f2ca
          • Opcode Fuzzy Hash: eef89a13237ad462e7bdb922f085894e7939a79809afb3092d15f336b6a488f7
          • Instruction Fuzzy Hash: D6E17A63E24BC481EB11CB69D4425A9A370FB99794F119326EFC9A3B19DF78E2918340
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 36e619809e351329ecb0fdff453c9ef577206af516c78602d1266fb7ee395568
          • Instruction ID: 9f1d8b208306f08939b1dc6c2443d263dc1848257e6e5986e36ebac6db33913b
          • Opcode Fuzzy Hash: 36e619809e351329ecb0fdff453c9ef577206af516c78602d1266fb7ee395568
          • Instruction Fuzzy Hash: A0D11873A24B9586E7118F25E811AAA7760FB89BC8F415326EF8E53B44CF3CE501CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 184700a9dc3d6919c518ea48dddc446c18bd9fe117727b5d6dba88a3929408a0
          • Instruction ID: 5d96ee00d1b02c50467d2c52ba0782b2565e641458662d2116db8016d50869e1
          • Opcode Fuzzy Hash: 184700a9dc3d6919c518ea48dddc446c18bd9fe117727b5d6dba88a3929408a0
          • Instruction Fuzzy Hash: BAC11473A24B8581EB028F2DE415AAA7360FF99788F119322EF8D63755EF39E541C740
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: afc7f01448f9deab36bc6b3eb4618d5e6deafe061d4d057b0c012b148627933d
          • Instruction ID: cd493a15fd4a95a6aa639374d0f8663960ee05f4b369624c3962ef1acce23c6e
          • Opcode Fuzzy Hash: afc7f01448f9deab36bc6b3eb4618d5e6deafe061d4d057b0c012b148627933d
          • Instruction Fuzzy Hash: 69C11473A24B8581EB028F2DE415AAA7360FF99788F119322EF8D63755EF39E541C740
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: db0e9a3397b8d94acaf2b0b548dd4952efad5fcafb19fca26016780a58522980
          • Instruction ID: 1ab4dea4980f3f1f19e56002a08d00949d40926434d73909038043911c6bc501
          • Opcode Fuzzy Hash: db0e9a3397b8d94acaf2b0b548dd4952efad5fcafb19fca26016780a58522980
          • Instruction Fuzzy Hash: ABC11573A24B8581EB028F2DE415AAA7360FF99788F119322EF8D63755EF39E541C740
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5f1b5de3e2c09ff46b3591533fff0618e82ea5b93306731577acecf7c5e48aa8
          • Instruction ID: 436dbee3214e87b78aad444cf93b1208acbe3b7f3a6567792e4815e32effeeed
          • Opcode Fuzzy Hash: 5f1b5de3e2c09ff46b3591533fff0618e82ea5b93306731577acecf7c5e48aa8
          • Instruction Fuzzy Hash: 3AC16056D28FC651E303573C9003665A720BFB75D4E10D33BFEC2B1A63EB127A95A621
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: a8b66d9526b9d61665825e3654c8deb7dcf104c265bbaca6fba37c7268abc16c
          • Instruction ID: a0c693c00222fff19c8507c79f16306121d218f1add5822eeec230ce484320d2
          • Opcode Fuzzy Hash: a8b66d9526b9d61665825e3654c8deb7dcf104c265bbaca6fba37c7268abc16c
          • Instruction Fuzzy Hash: CAB15F56D28FC651E303573C9003665A720BFB75D4E10D33BFEC2B1A63EB127A95A622
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2078052cc90d5bd14549c845902e6a4ecea8fb7e50ab36b480b30f3957c5052f
          • Instruction ID: 124e39b94eb0c737c8988bd205b3d94d260c9cd53fab813e4faa824a68f8e49f
          • Opcode Fuzzy Hash: 2078052cc90d5bd14549c845902e6a4ecea8fb7e50ab36b480b30f3957c5052f
          • Instruction Fuzzy Hash: ACB15F63E28BC481DB11CB29D4421AAB370FBD9794F119326EFC9A3B19DF79E2458740
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 06157c7daf5abda512e1d8ac8e60e64b178bc1080b1ea1bef94c90cb66bd672a
          • Instruction ID: bd92cc18add8ef6a9ee6f1cf52f89c0933ca9cd1e2aec5179692e0da26e544c7
          • Opcode Fuzzy Hash: 06157c7daf5abda512e1d8ac8e60e64b178bc1080b1ea1bef94c90cb66bd672a
          • Instruction Fuzzy Hash: 6CB17063A28BC481DB11CB29D4411AAB370FBD9794F119326EFC9A3B19DF79E5418740
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 916de712a74227b0312e4e4f04d59d92bff8095d26d7ec922f55f3cf46f76dae
          • Instruction ID: da337951f851c6bad26f3112c292940bef3890a9d26a2c2e96e993fc7a9f9883
          • Opcode Fuzzy Hash: 916de712a74227b0312e4e4f04d59d92bff8095d26d7ec922f55f3cf46f76dae
          • Instruction Fuzzy Hash: 1BA16156D1CFC651E30356389003165A320AFB75D4E10D73BFED2F4673DB127A85AA22
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6700ac13a4bbe5bcb0227aff609269b7273c8e9c9fcf9eee79855f92c8fa810a
          • Instruction ID: 77c63c08502eec2ad00402e1ab3b349823612f8014008f8e322d8857869cf403
          • Opcode Fuzzy Hash: 6700ac13a4bbe5bcb0227aff609269b7273c8e9c9fcf9eee79855f92c8fa810a
          • Instruction Fuzzy Hash: 6691A133624F8586DB60DF26E81129E77A0FB89BC4F549326EE8E97B05DF38E0558740
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 452bcdfce747361daa524090fc782b143662778fb1e646d76ce261f53bf63d6e
          • Instruction ID: f67ae455ad1147cb95bd95cf89701804a6845ba3db0c9d8f25206d4058faea93
          • Opcode Fuzzy Hash: 452bcdfce747361daa524090fc782b143662778fb1e646d76ce261f53bf63d6e
          • Instruction Fuzzy Hash: 6391D173624F8586DB60DF26E41129E73A0FB8ABC4F549226EF8D97B05DF38E1458740
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 5a75bd036664f2cfb92e29e8abf3315cabdcf5997a721f309f7749ab8096f560
          • Instruction ID: 39c0743d57637379b87117d3c6a779f3e025a4c6416fc46ee59899c51e5ea912
          • Opcode Fuzzy Hash: 5a75bd036664f2cfb92e29e8abf3315cabdcf5997a721f309f7749ab8096f560
          • Instruction Fuzzy Hash: 3D91C133624F8586DB60DF26E41129E77A0FB8ABC4F548626EF8D97B05DF38E1458740
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 55e610dde0e81b586f1e2eb7d63fffcc00baf313ae270ebd4eb0cb0048037d98
          • Instruction ID: b8329fed1779523d2916d5820bd84c0bd78dcb60cea30789c99940d6cd1d95dc
          • Opcode Fuzzy Hash: 55e610dde0e81b586f1e2eb7d63fffcc00baf313ae270ebd4eb0cb0048037d98
          • Instruction Fuzzy Hash: 9391A273A14B8086E711DF29E4412AAB760FBDA744F14A326EF8DA3715DF38D585CB40
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9d3912359bd25f3b26cd0844b6667aa6c0ad5ebcf91a1d8c4a4d7ee8a9ca1e3b
          • Instruction ID: 63135136ed555338f439aa2941efa1dd1b7df8f3104061a854fbebc992ecdcd0
          • Opcode Fuzzy Hash: 9d3912359bd25f3b26cd0844b6667aa6c0ad5ebcf91a1d8c4a4d7ee8a9ca1e3b
          • Instruction Fuzzy Hash: 4F81C263A24F8480EB01DB3994116EAA361FFDAB94F15A322EE8D63715EF39D191C340
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 04e0ec8d522bde5d62d9a1a9af7cb6cf552b91fa91157f578f6d95620f47e68b
          • Instruction ID: ec5264194cb2cc9913a0d7444d44f7b6333f9de00d612fdb13a6c0ca471f620e
          • Opcode Fuzzy Hash: 04e0ec8d522bde5d62d9a1a9af7cb6cf552b91fa91157f578f6d95620f47e68b
          • Instruction Fuzzy Hash: F081B363A24F8581EB02DB3DD4116E9B361EFDA794F11A322EE8D62715DF39D192C340
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 62b71c375a229142c2d855469e58b8119717df5d6563ecf032270291d21d0662
          • Instruction ID: 2b4e20ee8348b9ad022b522a198405eec16138f45ab2341db5e99a3263a22175
          • Opcode Fuzzy Hash: 62b71c375a229142c2d855469e58b8119717df5d6563ecf032270291d21d0662
          • Instruction Fuzzy Hash: 1881D263A24F8480EB02DB3D94116EAA361FFD9B94F15A322EE8D63715EF39D191C340
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f48ddbb12522202ad87ded4fe42e8f0000d14e369fa8e78498be2433a8b89ec8
          • Instruction ID: a1f5459888666b01d90cf924d5c1ed63f46e1ef4ad2cd0826a58b40ba74af255
          • Opcode Fuzzy Hash: f48ddbb12522202ad87ded4fe42e8f0000d14e369fa8e78498be2433a8b89ec8
          • Instruction Fuzzy Hash: D281D073918F8085E701DF29E4015AAB760FBD9B94F21A322EF89A3719DF38D595CB40
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 00ec9b6e03cf7618701a2610ced16d52ff866a611412a57bbc6fd93418982be4
          • Instruction ID: c24bbc5749edf895733bdeebb62774ff7bbc0ade8b1f0e5c1a9944b74937f36a
          • Opcode Fuzzy Hash: 00ec9b6e03cf7618701a2610ced16d52ff866a611412a57bbc6fd93418982be4
          • Instruction Fuzzy Hash: E3812873624B9585E761DF25E814BAA33A4FB89B88F514226EF8D53744DF3DE001CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 25f8157b5d37885203bfc8c124e3afdd0b99228175fa972aeeda97f39a32f402
          • Instruction ID: 5004b098109b5c6f621394130a78420ca824ded605eb0a6f3b960393d6cd1fd6
          • Opcode Fuzzy Hash: 25f8157b5d37885203bfc8c124e3afdd0b99228175fa972aeeda97f39a32f402
          • Instruction Fuzzy Hash: BF811673624B9585E761DF25E844AAA33A4FB89B88F518226EF8D53744DF3DE001CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 8f99d75ded85a686fdc32142717514544c1e0b0654516b3da0be1e3565b92337
          • Instruction ID: 423af97a3399a6dfdc7e0b2b435bdfe48d1486e135fa43677991b2c388b9aa64
          • Opcode Fuzzy Hash: 8f99d75ded85a686fdc32142717514544c1e0b0654516b3da0be1e3565b92337
          • Instruction Fuzzy Hash: A0811573624B9585E761DF25E844AAA33A4FB89B88F514326EF8D93B44DF3DE001CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d7690bbc0ad728144c738b9c6376b0506ce8b2892cb4c9c99ebcf5851eb599bf
          • Instruction ID: c0f72e592f74af554ec316aebf1c5bc494f08696490d52ada0d357df08b5225b
          • Opcode Fuzzy Hash: d7690bbc0ad728144c738b9c6376b0506ce8b2892cb4c9c99ebcf5851eb599bf
          • Instruction Fuzzy Hash: 32717F2721D2D08FC365CF79A0400AEBFB0E766744B48815AEBD587B4BCA1CE645CB71
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d1c9153301c64c8f7b94ca1bf4937c1083ca3c11cd3dbb965315bcd99333cf7b
          • Instruction ID: d1e05eab5d2c86b978eddba5e871ee5d472f156e53b7e85e948a6dd4d03f5ea2
          • Opcode Fuzzy Hash: d1c9153301c64c8f7b94ca1bf4937c1083ca3c11cd3dbb965315bcd99333cf7b
          • Instruction Fuzzy Hash: 28816023E18BC581E221CB38E5417F96760FBE9748F25A725DFC862A46FF29D285C700
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 2ba17d2a0934de90ac80b72e50999504a18e4a7fc29829c95c37712088fef43d
          • Instruction ID: da3e827003af018845bb95e91a9d27499fcf9a728b0c4b35409ef80c951ee4a0
          • Opcode Fuzzy Hash: 2ba17d2a0934de90ac80b72e50999504a18e4a7fc29829c95c37712088fef43d
          • Instruction Fuzzy Hash: 9251D563A14A8585DB10DF26D5112AE6760FF8ABC4F159327EF8EA7B05CF3CE0568740
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 52aa5c4e33655480423a8a92ce352b65b826eb2af53513595cc05f83336c7949
          • Instruction ID: 036845d9472114cabd959200c28b6304060d31f2725caec0491072ae0283057f
          • Opcode Fuzzy Hash: 52aa5c4e33655480423a8a92ce352b65b826eb2af53513595cc05f83336c7949
          • Instruction Fuzzy Hash: 6361F173A24A5686E7119F25E814AAA7760FB89B8CF415326EF8E63744DF3CE001CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: b382693b1e3b08d2280aef7a844cdadc25dc900dcd7c01425b6a0ea75441ec02
          • Instruction ID: 438bb2a88a6ab37bbf54312950919b154627a3ec7c0f9360dd2eaa44efc7866b
          • Opcode Fuzzy Hash: b382693b1e3b08d2280aef7a844cdadc25dc900dcd7c01425b6a0ea75441ec02
          • Instruction Fuzzy Hash: 8C61F173624A5686E7129F25E814BAA7760FB89B8CF415326EF8E63744DF3CE401CB50
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: d1abaecabb8ed856658a3a371e5a2149c684c7e8d4a8bc84848f4b41c46641ea
          • Instruction ID: 51d86d7cec5583b2eca536337cc8f4115b5028170adde59a5bcd8f39672adf33
          • Opcode Fuzzy Hash: d1abaecabb8ed856658a3a371e5a2149c684c7e8d4a8bc84848f4b41c46641ea
          • Instruction Fuzzy Hash: B6411BD2A38AF107D317013D2802579AED0CED3786380E36AF9E5BAB92D709D252E350
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 09bafe4865be4577a9f060043d9c1d9f68d6ab680bc7942e9284532c4e07e521
          • Instruction ID: b4fd032d01e8ae8459cbb6089c51394390fe950b4cbdc655ba74446d80cdc4ed
          • Opcode Fuzzy Hash: 09bafe4865be4577a9f060043d9c1d9f68d6ab680bc7942e9284532c4e07e521
          • Instruction Fuzzy Hash: 78411CD2A34AF107D317013D2802579AED0CED3786380E36AF9E5BAB92D709D252E350
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: eb52c148d90956e34bcf32da670613b8217c567537acd7c20e959490f821e9ee
          • Instruction ID: 9e5be0f9f0b9f8a8110e73180d006f700eb8725b00254f0bcb4c9abd317e73b5
          • Opcode Fuzzy Hash: eb52c148d90956e34bcf32da670613b8217c567537acd7c20e959490f821e9ee
          • Instruction Fuzzy Hash: BD411BD2A38AF107D317013D2802579AED0CED3786380E36AFDE5BAB92D709D252E350
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 9ce929ba9acf18eae7089b931b9618095bc5144ddb819a4fafbea6dc8399eeaa
          • Instruction ID: 359cddce56b8e13015cf92ff77a5b7da1a6eabedd6666feab14cf6dd9a8a74f5
          • Opcode Fuzzy Hash: 9ce929ba9acf18eae7089b931b9618095bc5144ddb819a4fafbea6dc8399eeaa
          • Instruction Fuzzy Hash: B741BD32A24F8581DB60AB25E81139A73A0FB8AB84F559236DE8DA7709DF38D145C780
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: f0605d3b1f5519656f7e11423c84296045fe43cbca532130cb42a8ff91902752
          • Instruction ID: bb192efdbef1dd72e7d4dffddc1ea533e4a1b7035f56f3f76811e4202cd114a9
          • Opcode Fuzzy Hash: f0605d3b1f5519656f7e11423c84296045fe43cbca532130cb42a8ff91902752
          • Instruction Fuzzy Hash: 5141AF33A24F85C1EB60AB25E85139D73A0FB8AB84F559236DE8DA7709DF38D145C780
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 50d33c43aee27865c7ddccf5d9834ee0f4f3e1692c78a2f092e79352626c86dd
          • Instruction ID: fd1755205af1e0d4d3a84d387a0a1aee9a8b78f03782ea4a5e12d026d9c0a9dd
          • Opcode Fuzzy Hash: 50d33c43aee27865c7ddccf5d9834ee0f4f3e1692c78a2f092e79352626c86dd
          • Instruction Fuzzy Hash: 49313797E0D7C60AF35347A808670692F609F52A25B2A40BBC7C8C71C3EC0F2809A361
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: fa9c3a2a5e9c61805243cad02048426a03e05c31f6aa79fb8234178bb8de73ad
          • Instruction ID: 67b15ab330bf1f2e175f28796de118db0ed6ab29141eb396b0a93cd8ea77db64
          • Opcode Fuzzy Hash: fa9c3a2a5e9c61805243cad02048426a03e05c31f6aa79fb8234178bb8de73ad
          • Instruction Fuzzy Hash: 74D05E6B90F7D20FE39247A41C6701C2FB1AF91B54B3944B6C3C983183AC0E1C18AB0A
          Uniqueness

          Uniqueness Score: -1.00%

          Control-flow Graph

          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID: ErrorLast$Current$AcquireCompletionCriticalFileHandleLeaveLockPostProcessQueuedSectionStatus$BreakCloseDebugDuplicateFormatFreeLocalMessageReadThreadWrite
          • String ID: PostQueuedCompletionStatus
          • API String ID: 1678955166-3446536168
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          • API ID: strstr
          • String ID: MP$Atom(TM) CPU$CPU$CPU Z$CPU [N ][23]## $CPU [ND]#### $CPU [ND][45]## $Celeron$Core(TM) [im][3579]$Genuine Intel(R) CPU$Intel(R) Core(TM)$Mobile$Pentium$Pentium(R) D$Pentium(R) Dual CPU$Pentium(R) Dual-Core$Pentium(R) M$W35##$Xeon$[ELXW]55##$[ELXW]56##$[ELXW]75##
          • API String ID: 1392478783-817319133
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          • API ID: AcquireCloseConditionCreateCriticalErrorEventHandleInitializeLastLockObjectSectionSingleVariableWait$LeaveSemaphoreWake
          • String ID: CreateEvent$UV_THREADPOOL_SIZE
          • API String ID: 3144960533-584783278
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          • API ID: CreateErrorLastLinkSymbolic
          • String ID: \??\$\\?\$uv__malloc
          • API String ID: 191780330-3542721272
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          • API ID: Token$CloseInformationLocalOpenProcess$AccountAllocCriticalCurrentFreeHandleInitializePolicyRightsSection
          • String ID: Huge pages support was successfully enabled, but reboot required to use it$SeLockMemoryPrivilege
          • API String ID: 1542975281-1762051634
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          • API ID: CompletionPostQueuedStatus
          • String ID: PostQueuedCompletionStatus
          • API String ID: 2005739868-3446536168
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          • API ID: AddressHandleModuleProc
          • String ID: msvc/%d$%s/%s (Windows NT %lu.%lu$0.2.0$1.41.1-dev$; Win64; x64) libuv/%s$RtlGetVersion$XMRig-UPX$ntdll.dll
          • API String ID: 1646373207-3545484800
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • API ID: ErrorFileLast$CloseCreateHandle$Copy
          • String ID:
          • API String ID: 1916969996-0
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • API ID: ErrorLast$NamedPipe$ConnectCreate
          • String ID:
          • API String ID: 2335641200-0
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          • API ID: Event$AllocCloseCreateErrorHandleLastObjectSingleValueWait
          • String ID: CreateEvent
          • API String ID: 2579086586-2692171526
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          • API ID:
          • String ID: GetQueuedCompletionStatus$GetQueuedCompletionStatusEx
          • API String ID: 0-4233371840
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • API ID: CriticalSection$AcquireDeleteLeaveLock$CloseHandleclosesocket
          • String ID:
          • API String ID: 2409799763-0
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: _invalid_parameter_noinfo
          • String ID:
          • API String ID: 3215553584-0
          • Opcode ID: bda3a8476d5024bc3d79f87f1beb823d16eb2df97ad9157a7fbb6ea3866b0d40
          • Instruction ID: 55c665b6fb6b0559728c2e1b4fbd6f7bde6965d3f44ebf5c5cc74a088bc42a2e
          • Opcode Fuzzy Hash: bda3a8476d5024bc3d79f87f1beb823d16eb2df97ad9157a7fbb6ea3866b0d40
          • Instruction Fuzzy Hash: 13C10422A6C78289EB729B14D0402BD7BA5FF80B80F654131FA4E87791DE7DE856E710
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: CloseHandleUnregisterWait$ErrorLastclosesocketshutdown
          • String ID:
          • API String ID: 1892040934-0
          • Opcode ID: fd5789f13a6a23768f05ddc4e942983ed7923bb5a0005c1d3142b2f191851e86
          • Instruction ID: 46b5bd7ece4b690b31e43c64a2d4b68b1ecdf0e3b83999c9930e628770d368e5
          • Opcode Fuzzy Hash: fd5789f13a6a23768f05ddc4e942983ed7923bb5a0005c1d3142b2f191851e86
          • Instruction Fuzzy Hash: BC614F32A1479186EB659B65D9403B873A0FF48B74F240336EBAC977D5DF38E4A19700
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: AcquireCompletionCriticalErrorLastLeaveLockPostQueuedSectionSleepStatus
          • String ID: PostQueuedCompletionStatus
          • API String ID: 3356211451-3446536168
          • Opcode ID: 49fe76818cf06281968ec80168dec92f67345f84daf3ca0204e32d9e88c5a88c
          • Instruction ID: 127de6e9b4da6e0985cb1ebcedd720f943e89518d6d9c5aaf964ff42719e736d
          • Opcode Fuzzy Hash: 49fe76818cf06281968ec80168dec92f67345f84daf3ca0204e32d9e88c5a88c
          • Instruction Fuzzy Hash: 8E511832F29A4281EF669B6594503B823A1EF58B44F7C4435EA4E8B394EE2DE841A351
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: ErrorIoctlLast$htonlhtons
          • String ID:
          • API String ID: 3703840298-0
          • Opcode ID: 09e3f00126cd8fc5b107ca0ec4bcbe7170b721e1782fa03aca2c7f7b18232c06
          • Instruction ID: 7d8fe622a0acaf45bb42d6fbc51579bcb142781380470f436adf8f0ff93c2cf7
          • Opcode Fuzzy Hash: 09e3f00126cd8fc5b107ca0ec4bcbe7170b721e1782fa03aca2c7f7b18232c06
          • Instruction Fuzzy Hash: D2C17572918B81CAEB658F64E84027D73A1FF44758F604136EB8E87668EF7CE491DB40
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: CreateCriticalInitializeSection$ConsoleErrorEventHandleLastWindow$CloseCompletionFreePortSemaphoreShow
          • String ID:
          • API String ID: 1453760009-0
          • Opcode ID: 72eb7a95554ba52d4ff088cad04f0619ce693f34988d1e9ef89fc557f2b13e59
          • Instruction ID: 979367921676cc99b03a40e5e0eca74efcf1c98597155cca8c34ec2e129dedcf
          • Opcode Fuzzy Hash: 72eb7a95554ba52d4ff088cad04f0619ce693f34988d1e9ef89fc557f2b13e59
          • Instruction Fuzzy Hash: B0916B72A08B42C1EB149F26E85027937A4FF84B54F748135EA9D873A1DF3DE891C350
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: ErrorFileHandleLast$CloseCreateInformation
          • String ID:
          • API String ID: 1345328482-0
          • Opcode ID: 450d3b03d8b05a52d0934056ac34fe43c275f1d78e29339b48df9ac4a919ac04
          • Instruction ID: 2cfc74fc7c4fe2c4c0d7f7b3dfbaf1a2df8f61b41dee73830d0c02892fc5c9ab
          • Opcode Fuzzy Hash: 450d3b03d8b05a52d0934056ac34fe43c275f1d78e29339b48df9ac4a919ac04
          • Instruction Fuzzy Hash: A9419031A1C68186E7618BA5E8543BE73A1FF85794F204135EA9DC7AA5EF3CD044EB00
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: ErrorLastioctlsocket
          • String ID:
          • API String ID: 1021210092-0
          • Opcode ID: b459aa36d604f2fedfbffcdf738b21a5bb8d3f8fbdc2f63ad5f65e3bc272de81
          • Instruction ID: 5d0f8742357c05f967b13fbc3a9e7b2a5c1381a746f26b3f926d4e9a46775a20
          • Opcode Fuzzy Hash: b459aa36d604f2fedfbffcdf738b21a5bb8d3f8fbdc2f63ad5f65e3bc272de81
          • Instruction Fuzzy Hash: C331E631E1C68241E7608BB5A94527D63A2AF007E4F740231EA69C7AD8EF6CE840E744
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: ErrorFileLastRead$BreakDebugFormatFreeLocalMessageNamedPeekPipe
          • String ID: uv__malloc
          • API String ID: 3005162961-1058249677
          • Opcode ID: 831520ccdb762c88dec8f0dfa8e635a2dc579c0695ce829a30e7278cee8b654a
          • Instruction ID: 3bcbadc83c808e5719468bd9fbdee5933baaa2a4b31a6f06340847571a4a286f
          • Opcode Fuzzy Hash: 831520ccdb762c88dec8f0dfa8e635a2dc579c0695ce829a30e7278cee8b654a
          • Instruction Fuzzy Hash: 4BC18632A28BC186E7618F2CD8442BD6361FF98B84F245236EF4D97695EF38E591D700
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: CreateErrorEventLast
          • String ID: CreateEvent
          • API String ID: 545576003-2692171526
          • Opcode ID: 2aa8462679127533fb6e9e96584c471b0db6ed8078ec88f24572a4e9c7ec6bc1
          • Instruction ID: 9983202b267c84657dfadedc28eba918ad4559b8e9b842993424928b1032d7db
          • Opcode Fuzzy Hash: 2aa8462679127533fb6e9e96584c471b0db6ed8078ec88f24572a4e9c7ec6bc1
          • Instruction Fuzzy Hash: 0E41A472E2874286EB7A8F79D05177D3392EF48B54F348435EA0AC6699DF38E840D741
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
          • String ID:
          • API String ID: 2210144848-0
          • Opcode ID: 8f2526b808d345139273071b7c36a5c72410f7c1c347d84cdd087ae33925f779
          • Instruction ID: 5017a6508c0e3b3806fc5cdf1d1b9e0c46fa72e4bc0e44682b22e7620848dba0
          • Opcode Fuzzy Hash: 8f2526b808d345139273071b7c36a5c72410f7c1c347d84cdd087ae33925f779
          • Instruction Fuzzy Hash: 3681DD32E68A028DFB629F6598802BC27A5FF45B94F640135EE0ED7791DF3CA542E310
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: BufferConsoleInfoScreen
          • String ID:
          • API String ID: 3437242342-0
          • Opcode ID: d7fc62cd67f9d64df1739ed103f5536f2892a3c22985ed5fe06e8f56056a98da
          • Instruction ID: 58660a4e5a2f851d5deff6d0ef6d603d4a35c7e4bbb03d07f680c695de01bda6
          • Opcode Fuzzy Hash: d7fc62cd67f9d64df1739ed103f5536f2892a3c22985ed5fe06e8f56056a98da
          • Instruction Fuzzy Hash: 94719031F2CA9286E7358B29A44077DB2A1FFC5740F715139EA8AC7A98DF3DE4449B00
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: ByteCharMultiWide
          • String ID:
          • API String ID: 626452242-0
          • Opcode ID: 85ad4839aec1400d84b8c313dac5aeb88e3cd43949d7b1cf530ef36389c53bc9
          • Instruction ID: 98f5d7b4f266dfd35d1b0981502eb38e4104d03465de2146a9984e8c9ca3835c
          • Opcode Fuzzy Hash: 85ad4839aec1400d84b8c313dac5aeb88e3cd43949d7b1cf530ef36389c53bc9
          • Instruction Fuzzy Hash: FD717B72A19B41C6D721CF65E8406A9B3A4FF48BA8F294636EB9D83794EF38D450D700
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: CloseCreateErrorFileHandleLast
          • String ID:
          • API String ID: 2528220319-0
          • Opcode ID: 8b14730774a528a77c9630fbbfb443bb010746de43bfa8fc7f0a44ee9171f595
          • Instruction ID: 9ce632fb70eaa16fb8b9a4ef7abf6a5d5e87c628bb240a11a800d96320c54408
          • Opcode Fuzzy Hash: 8b14730774a528a77c9630fbbfb443bb010746de43bfa8fc7f0a44ee9171f595
          • Instruction Fuzzy Hash: 4221C131A18A4186EB618B66F8013BD63A0AF45BE4F644231EA6DC77C6EE7DD480A700
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
          • String ID:
          • API String ID: 2067211477-0
          • Opcode ID: 27cd738b5c66be701432a542cec560ebaa0f49f7fbb9d63ee160985334b250db
          • Instruction ID: dfc2853644e4bf5224a4e9a8772b9682783cd00809b1afc94feb0cc494759df1
          • Opcode Fuzzy Hash: 27cd738b5c66be701432a542cec560ebaa0f49f7fbb9d63ee160985334b250db
          • Instruction Fuzzy Hash: FC218125A6D7438AFF26DFA1D85117A63A0AF89BD0F280571EE4D83795DF3CE402A700
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: ErrorLast$CloseCreateFileHandle
          • String ID:
          • API String ID: 614986841-0
          • Opcode ID: 8a37935f45c4ad6e20f9d608794db683dd578dfd020529d5a57a9c0ddd4372ac
          • Instruction ID: 36e4d98f6901a75f84f07f69bbeab45492eddb118b039cc68c49d8055682f71f
          • Opcode Fuzzy Hash: 8a37935f45c4ad6e20f9d608794db683dd578dfd020529d5a57a9c0ddd4372ac
          • Instruction Fuzzy Hash: BA216031A2864186E7759B65B8453AA76A0FF487A0F200135EA9EC37D5EF3CD045DB00
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: AcquireCancelCriticalLeaveLockSection
          • String ID:
          • API String ID: 425739252-0
          • Opcode ID: 592d57a57959266a3dffd13ed3e13a6b0c5cf8ad2009d84dc9f7f9532f272b8c
          • Instruction ID: aee6644920f02c88bbad3f91ae9bc234e0112bffaed62cc947f07d32975e26e9
          • Opcode Fuzzy Hash: 592d57a57959266a3dffd13ed3e13a6b0c5cf8ad2009d84dc9f7f9532f272b8c
          • Instruction Fuzzy Hash: 4C117372A28A4181EB648B68D8892B82351EF54B7CF640331E97D862E4DF3C95D5D310
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: setsockopt$ErrorLast
          • String ID: <
          • API String ID: 1564866530-4251816714
          • Opcode ID: cf6a09f5629fbf79c709b561144fe740c36829b40f3ea8a34581ba8048369b3d
          • Instruction ID: 0d9b0f46b298d78be414d8ff796dc3961d6330c562e7e4cf6bc70de4b6c32719
          • Opcode Fuzzy Hash: cf6a09f5629fbf79c709b561144fe740c36829b40f3ea8a34581ba8048369b3d
          • Instruction Fuzzy Hash: 10F0A4B162518183E7608F61D40476A7250FF84364F600231F79A86BD4DF3CC599DB04
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: CriticalInitializeSection$CreateErrorLastSemaphore
          • String ID:
          • API String ID: 4214712624-0
          • Opcode ID: 6130c0228b009c9659ab12e8e301ca45f49163596a292a6e0ce1035d769bf9df
          • Instruction ID: 32e3a6c9a32d09e2092acd5c2da743217c3aea0af864c3b7e6a000cf854e017f
          • Opcode Fuzzy Hash: 6130c0228b009c9659ab12e8e301ca45f49163596a292a6e0ce1035d769bf9df
          • Instruction Fuzzy Hash: BDD13571A09F4285EB20DB25E8502B837A4FF58B94FB4413AEA5D837A1EF3CE855D340
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID: strchr
          • String ID: 0123456789ABCDEF$0123456789abcdef
          • API String ID: 2830005266-885041942
          • Opcode ID: 29aa68911b3825929b3ea630742efa60c9f076c98a594a8998fb6fc87a09fb5b
          • Instruction ID: 87018963c25878058fd0d45f5f7c5583498ae9ba2adf0c56ea725deeb6786421
          • Opcode Fuzzy Hash: 29aa68911b3825929b3ea630742efa60c9f076c98a594a8998fb6fc87a09fb5b
          • Instruction Fuzzy Hash: 1F51D222A2D78651EE738F24EC001BA67A1AF95788F684037FA8DC7695FE3CE545D300
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: 6efa6dbebb1befa859e6fe060280b4b979443bfbb12bef665e1f03d66bd67d84
          • Instruction ID: 435b17d30a45c2b9d5c63692a872d3b9e5c84d9b4a2f82d0c031a3299a19cac9
          • Opcode Fuzzy Hash: 6efa6dbebb1befa859e6fe060280b4b979443bfbb12bef665e1f03d66bd67d84
          • Instruction Fuzzy Hash: 6D51B332A09B4186E7618F24E8543AD73A5FF84B64F244235EBAD877D4EF3DD4449B00
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.196463114.00007FF60C671000.00000040.00020000.sdmp, Offset: 00007FF60C670000, based on PE: true
          • Associated: 00000000.00000002.196459827.00007FF60C670000.00000002.00020000.sdmp Download File
          • Associated: 00000000.00000002.196565267.00007FF60C763000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196581703.00007FF60C9F8000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196587875.00007FF60CA05000.00000040.00020000.sdmp Download File
          • Associated: 00000000.00000002.196591354.00007FF60CA07000.00000080.00020000.sdmp Download File
          • Associated: 00000000.00000002.196594478.00007FF60CA08000.00000004.00020000.sdmp Download File
          • Associated: 00000000.00000002.196597560.00007FF60CA09000.00000002.00020000.sdmp Download File
          Joe Sandbox IDA Plugin
          • Snapshot File: hcaresult_0_2_7ff60c670000_SearchIndexer.jbxd
          Yara matches
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          • Opcode ID: aebf7af7768a3dbdbd6effe77ac93c537f5a99021a3bbd6753477e373acf32a8
          • Instruction ID: 3caae241bbd30021a46e88ecfe2348b9408b4a8ab068ad1bb3adf723f256b3d3
          • Opcode Fuzzy Hash: aebf7af7768a3dbdbd6effe77ac93c537f5a99021a3bbd6753477e373acf32a8
          • Instruction Fuzzy Hash: C4417531718B8186D7719B66A8402AAB390FF457B0F204336EAAE837D5EF7DE445DB00
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • API ID: ErrorLast
          • String ID:
          • API String ID: 1452528299-0

          APIs
          • API ID: ErrorLast$CloseCreateFileHandle
          • String ID:
          • API String ID: 614986841-0

          APIs
          • API ID: ErrorLast$CloseCreateFileHandle
          • String ID:
          • API String ID: 614986841-0

          APIs
          • API ID: CriticalLeaveSection$AcquireBufferConsoleInfoLockScreen
          • String ID:
          • API String ID: 1074281242-0

          APIs
          Strings
          • API ID: _invalid_parameter_noinfo
          • String ID: *
          • API String ID: 3215553584-163128923

          APIs
          Strings
          • API ID: _invalid_parameter_noinfo
          • String ID: e+000$gfff
          • API String ID: 3215553584-3030954782

          APIs
          Strings
          • API ID: ErrorFileLastWrite
          • String ID: U
          • API String ID: 442123175-4171548499

          APIs
          Strings
          • API ID: closesocketsetsockopt
          • String ID: @
          • API String ID: 553142124-2766056989

          APIs
          Strings
          • API ID: Stringtry_get_function
          • String ID: LCMapStringEx
          • API String ID: 2588686239-3893581201

          APIs
          Strings
          • API ID: CounterErrorLastPerformanceQuery
          • String ID: QueryPerformanceCounter
          • API String ID: 1297246462-2908139586

          APIs
          Strings
          • API ID: ErrorItemLastQueueUserWork
          • String ID: QueueUserWorkItem
          • API String ID: 476849798-2469634949

          APIs
          Strings
          • API ID: UnregisterWait
          • String ID: UnregisterWaitEx
          • API String ID: 2974071796-3194662728

          APIs
          Strings
          • API ID: CountCriticalInitializeSectionSpintry_get_function
          • String ID: InitializeCriticalSectionEx
          • API String ID: 539475747-3084827643

          APIs
          Strings
          • API ID: Valuetry_get_function
          • String ID: FlsSetValue
          • API String ID: 738293619-3750699315

          APIs
          Strings
          • API ID: DownlevelLocaleName__crttry_get_function
          • String ID: LocaleNameToLCID
          • API String ID: 404522899-2050040251